CVE-2006-4428

CRITICAL

Jupiter CMS 1.1.5 - Remote File Inclusion via Template Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4428. PoCs published by D3nGeR.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Jupiter CMS 1.1.5, where unsanitized user input in the 'template' parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Description

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement

Exploits (1)

exploitdb WRITEUP VERIFIED

by D3nGeR · textwebappsphp

https://www.exploit-db.com/exploits/28430

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in Jupiter CMS 1.1.5, where unsanitized user input in the 'template' parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Jupiter CMS 1.1.5

No auth needed

Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious PHP file on an accessible server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/444421/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/28298

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/444729/100/0/threaded

Third Party Advisory mailing-list x_refsource_vim

http://www.attrition.org/pipermail/vim/2006-August/000996.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28589

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19721

Scores

CVSS v3 9.8

EPSS 0.0733

EPSS Percentile 91.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

Status published

Products (1)

jupiter_cms/jupiter_cms 1.1.5

Published Aug 29, 2006

Tracked Since Feb 18, 2026