CVE-2006-4163

myWebland miniBloggie < 1.0 - Remote File Inclusion via fname Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4163. PoCs published by sh3ll.

AI-analyzed exploit summary The exploit describes a remote file inclusion vulnerability in miniBloggie 1.0 due to improper input sanitization in the 'fname' parameter of 'cls_fast_template.php'. An attacker can include arbitrary remote PHP files to execute malicious code in the context of the webserver.

Description

PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive

Exploits (1)

exploitdb WRITEUP VERIFIED
by sh3ll · textwebappsphp
https://www.exploit-db.com/exploits/28378

The exploit describes a remote file inclusion vulnerability in miniBloggie 1.0 due to improper input sanitization in the 'fname' parameter of 'cls_fast_template.php'. An attacker can include arbitrary remote PHP files to execute malicious code in the context of the webserver.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: miniBloggie 1.0
No auth needed
Prerequisites: Remote PHP file hosting · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/443160/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442966/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19476

Scores

EPSS 0.0398
EPSS Percentile 89.2%

Details

Status published
Products (1)
mywebland/minibloggie < 1.0
Published Aug 16, 2006
Tracked Since Feb 18, 2026