CVE-2006-4422

Jetbox CMS 2.1 - Remote File Inclusion via relative_script_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4422. PoCs published by D3nGeR.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Jetbox CMS 2.1, where unsanitized user input in the 'relative_script_path' parameter allows arbitrary remote file execution. However, no actual exploit code is present, only a description and example URL.

Description

PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8

Exploits (1)

exploitdb WRITEUP VERIFIED
by D3nGeR · textwebappsphp
https://www.exploit-db.com/exploits/28431

The provided text describes a remote file inclusion vulnerability in Jetbox CMS 2.1, where unsanitized user input in the 'relative_script_path' parameter allows arbitrary remote file execution. However, no actual exploit code is present, only a description and example URL.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Jetbox CMS 2.1
No auth needed
Prerequisites: Remote file hosting with malicious PHP code · Target server with allow_url_include enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444422/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444740/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28588
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-August/000997.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016765
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19722
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444640/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444822/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28299
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-August/001003.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444826/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444527/100/0/threaded

Scores

EPSS 0.0439
EPSS Percentile 90.1%

Details

Status published
Products (1)
jetbox/jetbox_cms 2.1
Published Aug 29, 2006
Tracked Since Feb 18, 2026