CVE-2006-5021
CRITICALRedgun RedBLoG 0.5 - RCE
Title source: llmDescription
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Exploits (4)
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28611
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28613
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28614
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28612
References (1)
Scores
CVSS v3
9.8
EPSS
0.0160
EPSS Percentile
81.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
redblog/redblog
0.5
Published
Sep 27, 2006
Tracked Since
Feb 18, 2026