CVE-2006-4063

Csaba Godor SAPID Blog Beta 2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2006-4063. PoCs published by Kacper.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in SAPID Shop <= v1.2 by manipulating the `GLOBALS[root_path]` parameter in `get_tree.inc.php`. The attacker can include and execute arbitrary remote scripts, leading to potential remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Kacper · textwebappsphp
https://www.exploit-db.com/exploits/2131

This exploit demonstrates a remote file inclusion vulnerability in SAPID Shop <= v1.2 by manipulating the `GLOBALS[root_path]` parameter in `get_tree.inc.php`. The attacker can include and execute arbitrary remote scripts, leading to potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAPID Shop <= v1.2
No auth needed
Prerequisites: Access to the target web application · Ability to host a malicious script on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Kacper · textwebappsphp
https://www.exploit-db.com/exploits/2129

This exploit demonstrates a remote file inclusion vulnerability in SAPID Blog Beta 2 by manipulating the 'root_path' parameter in multiple PHP scripts. An attacker can include arbitrary remote scripts, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAPID Blog Beta 2
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious script on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Kacper · textwebappsphp
https://www.exploit-db.com/exploits/2128

This exploit demonstrates a remote file inclusion vulnerability in SAPID CMS <= v. 1.2.3.05 by manipulating the 'root_path' parameter in two PHP scripts. It allows an attacker to include and execute arbitrary remote scripts.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAPID CMS <= v. 1.2.3.05
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious script on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/2130

The exploit demonstrates a remote file inclusion vulnerability in SAPID Gallery <= v.1 by manipulating the 'root_path' parameter in two PHP scripts. This allows an attacker to include and execute arbitrary remote scripts, leading to potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAPID Gallery <= v.1
No auth needed
Prerequisites: Access to the target web server · Ability to host malicious scripts on a remote server
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28251
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2129
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3196

Scores

EPSS 0.0309
EPSS Percentile 86.0%

Details

Status published
Products (1)
csaba_godor/sapid_blog_beta_2 initial
Published Aug 10, 2006
Tracked Since Feb 18, 2026