CVE-2006-4008

Knusperleicht Faq 1.0 - Remote File Inclusion via faq_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4008. PoCs published by Kurdish Security.

AI-analyzed exploit summary The code describes a remote file inclusion vulnerability in FAQ Script 1.0 due to improper input sanitization. An attacker can exploit this by manipulating the 'faq_path' parameter to include and execute arbitrary remote PHP code.

Description

PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Kurdish Security · textwebappsphp
https://www.exploit-db.com/exploits/28319

The code describes a remote file inclusion vulnerability in FAQ Script 1.0 due to improper input sanitization. An attacker can exploit this by manipulating the 'faq_path' parameter to include and execute arbitrary remote PHP code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: FAQ Script 1.0
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host malicious PHP code on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28130
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1332
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441812/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19272

Scores

EPSS 0.0248
EPSS Percentile 82.5%

Details

Status published
Products (1)
knusperleicht/faq 1.0
Published Aug 07, 2006
Tracked Since Feb 18, 2026