CVE-2006-4477

Visual Shapers ezContents 2.0.3 - RCE


Exploitation Summary

EIP tracks 10 public exploits for CVE-2006-4477. PoCs published by DarkFig.

AI-analyzed exploit summary

This exploit demonstrates a remote file inclusion vulnerability in ezContents due to improper input sanitization. An attacker can include and execute arbitrary remote PHP code via manipulated GLOBALS parameters.

Description

Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.

Exploits (10)

exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28462

This exploit demonstrates a remote file inclusion vulnerability in ezContents due to improper input sanitization. An attacker can include and execute arbitrary remote PHP code via manipulated GLOBALS parameters.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote file hosting with malicious PHP code · Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28459

This exploit leverages a remote file inclusion vulnerability in ezContents due to improper input sanitization. An attacker can include and execute arbitrary PHP code from a remote server by manipulating the `GLOBALS[rootdp]` and `GLOBALS[language_home]` parameters.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote server hosting malicious PHP code · Target application with vulnerable ezContents installation
devstral-2 · analyzed Feb 16, 2026
exploitdb · WRITEUP · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28458

This writeup describes a remote file inclusion vulnerability in ezContents, where unsanitized user input allows an attacker to include and execute arbitrary remote PHP code via manipulated GLOBALS parameters. The example URL demonstrates exploiting the vulnerability to execute a command (ls).

Classification: Writeup (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote file hosting with malicious PHP code · Target application with vulnerable ezContents installation
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28457

This exploit demonstrates a remote file inclusion vulnerability in ezContents by manipulating the GLOBALS array to include and execute arbitrary PHP code from a remote server. The attack leverages improper input sanitization to achieve remote code execution.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote server hosting malicious PHP code · Network access to the target application
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28456

This exploit demonstrates a remote file inclusion vulnerability in ezContents by manipulating the `GLOBALS[rootdp]` and `GLOBALS[admin_home]` parameters to include and execute arbitrary PHP code from a remote server.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote server hosting malicious PHP code · Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28461

This exploit demonstrates a remote file inclusion vulnerability in ezContents due to improper input sanitization. An attacker can include arbitrary remote PHP code via manipulated GLOBALS parameters in the URL.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote PHP file hosting · Target server with allow_url_fopen enabled
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28460

This exploit demonstrates a remote file inclusion vulnerability in ezContents by manipulating the GLOBALS array to include and execute arbitrary PHP code from a remote server. The attack leverages improper input sanitization to achieve remote code execution.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Access to a remote server hosting malicious PHP code · Network access to the vulnerable ezContents application
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28453

This exploit demonstrates a remote file inclusion vulnerability in ezContents by manipulating the GLOBALS array to include and execute arbitrary PHP code from a remote server. The attack leverages improper input sanitization to achieve remote code execution.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote server hosting malicious PHP code · Network access to the target application
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28454

This exploit demonstrates a remote file inclusion vulnerability in ezContents by manipulating the `GLOBALS[rootdp]` and `GLOBALS[language_home]` parameters to include and execute arbitrary PHP code from a remote server. The attack leverages improper input sanitization to achieve remote code execution.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote server hosting malicious PHP code · Network access to the target application
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by DarkFig · text · webapps · php
https://www.exploit-db.com/exploits/28455

This exploit demonstrates a remote file inclusion vulnerability in ezContents by manipulating the `GLOBALS[rootdp]` and `GLOBALS[admin_home]` parameters to include and execute arbitrary PHP code from a remote server. The attack leverages improper input sanitization to achieve remote code execution.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ezContents (version not specified)
Auth: none needed
Prerequisites: Remote server hosting malicious PHP code · Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References (18)
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28323
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28325
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28330
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28331
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28329
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1479
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016770
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19776
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28327
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3420
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28324
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28322
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28321
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28326
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21703
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28674
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/28328
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444779/100/0/threaded

Scores

EPSS 0.0488
EPSS Percentile 90.9%

Details

Status published
Products (1)
visualshapers/ezcontents 2.0.3
Published Aug 31, 2006
Tracked Since Feb 18, 2026