CVE-2006-4278

SportsPHool 1.0 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Kacper · textwebappsphp
https://www.exploit-db.com/exploits/2227
exploitdb WORKING POC
by cr4wl3r · phpwebappsphp
https://www.exploit-db.com/exploits/18018

References (6)

Scores

EPSS 0.1470
EPSS Percentile 94.5%

Details

Status published
Products (1)
sportsphool/sportsphool 1.0
Published Aug 21, 2006
Tracked Since Feb 18, 2026