CVE-2006-4631

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4631. PoCs published by DarkFig, Kacper.

AI-analyzed exploit summary This exploit targets SoftBB 0.1 by leveraging an authenticated PHP code execution vulnerability. It bypasses security mechanisms like magic_quotes_gpc and register_globals to inject a shellcode payload into the application's configuration, allowing remote command execution.

Description

Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/2300

View Code ZIP pw:eip

This exploit targets SoftBB 0.1 by leveraging an authenticated PHP code execution vulnerability. It bypasses security mechanisms like magic_quotes_gpc and register_globals to inject a shellcode payload into the application's configuration, allowing remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SoftBB 0.1

Auth required

Prerequisites: Valid admin credentials · Access to the admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/28488

View Code ZIP pw:eip

This exploit targets a local file inclusion vulnerability in PHP-Proxima 6.0, allowing arbitrary file reading and remote code execution via crafted HTTP requests. It automates the attack by testing multiple log file paths and injecting commands through the vulnerable 'bb_smilies.php' script.