CVE-2006-4205

WebDynamite ProjectButler 0.8.4 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4205. PoCs published by the master.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion (RFI) vulnerability in ProjectButler 0.8.4 by manipulating the 'rootdir' parameter in multiple PHP files to include arbitrary remote files. The vulnerability allows an attacker to execute remote code by including a malicious file hosted on an external server.

Description

Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by the master · textwebappsphp
https://www.exploit-db.com/exploits/2183

This exploit demonstrates a remote file inclusion (RFI) vulnerability in ProjectButler 0.8.4 by manipulating the 'rootdir' parameter in multiple PHP files to include arbitrary remote files. The vulnerability allows an attacker to execute remote code by including a malicious file hosted on an external server.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ProjectButler 0.8.4
No auth needed
Prerequisites: Remote file hosting capability · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28362
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19503
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2183
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3294

Scores

EPSS 0.0243
EPSS Percentile 82.1%

Details

Status published
Products (1)
webdynamite/projectbutler 0.8.4
Published Aug 17, 2006
Tracked Since Feb 18, 2026