CVE-2006-3964

Banex PHP MySQL Banner Exchange <2.21 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3964. PoCs published by SirDarckCat.

AI-analyzed exploit summary The provided text describes SQL injection and remote file inclusion vulnerabilities in PHP MySQL Banner Exchange 2.1. It outlines the attack vectors but does not include functional exploit code.

Description

PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SirDarckCat · textwebappsphp

https://www.exploit-db.com/exploits/28308

View Code ZIP pw:eip

The provided text describes SQL injection and remote file inclusion vulnerabilities in PHP MySQL Banner Exchange 2.1. It outlines the attack vectors but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Rce

Complexity

Trivial

Reliability

Theoretical

Target: PHP MySQL Banner Exchange 2.1

No auth needed

Prerequisites: Network access to the target application · PHP MySQL Banner Exchange 2.1 installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_fulldisc

http://marc.info/?l=full-disclosure&m=115423462216111&w=2

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19240

Scores

EPSS 0.0227

EPSS Percentile 80.8%

Details

Status published

Products (1)

banex/banex 2.21

Published Aug 01, 2006

Tracked Since Feb 18, 2026