CVE-2006-4044

phpCodeCabinet <0.5 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Minion · textwebappsphp

https://www.exploit-db.com/exploits/2139

View Code ZIP pw:eip

References (6)

Core 6

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21386

Exploit x_refsource_misc

http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCabinetRFIAugust052006.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28238

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19359

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0146.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3168

Scores

EPSS 0.0401

EPSS Percentile 88.6%

Details

Status published

Products (5)

brad_fears/phpcodecabinet 0.1

brad_fears/phpcodecabinet 0.2

brad_fears/phpcodecabinet 0.3

brad_fears/phpcodecabinet 0.4

brad_fears/phpcodecabinet 0.5

Published Aug 09, 2006

Tracked Since Feb 18, 2026