CVE-2006-4584

Tr Forum 2.0 - Unauthenticated Authentication Bypass and Admin Account Creation via Admin Insert Endpoint

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4584. PoCs published by EL-KAHINA, DarkFig.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in TR Forum 1.5, allowing an attacker to trick an authenticated admin into submitting a form that adds a new admin account. The PoC is a simple HTML form that submits to the vulnerable endpoint.

Description

Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by EL-KAHINA · htmlwebappsphp

https://www.exploit-db.com/exploits/12385

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in TR Forum 1.5, allowing an attacker to trick an authenticated admin into submitting a form that adds a new admin account. The PoC is a simple HTML form that submits to the vulnerable endpoint.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TR Forum 1.5

Auth required

Prerequisites: Victim must be authenticated as an admin · Victim must visit the malicious HTML page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/2297

View Code ZIP pw:eip

This exploit demonstrates SQL injection and authentication bypass in Tr Forum V2.0 by creating a new admin user and extracting admin credentials via a UNION-based SQLi attack.

Classification

Working Poc 95%

Attack Type

Sqli | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Tr Forum V2.0

No auth needed

Prerequisites: network access to the target · Tr Forum V2.0 installed

MITRE ATT&CK