CVE-2006-5193

wikyblog <= 1.2.3 - Remote File Inclusion via includeDir Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5193. PoCs published by MoHaNdKo.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in WikyBlog 1.2.3 and earlier, but it is noted that the BID is being retired as further analysis revealed the application is not vulnerable. No actual exploit code is present.

Description

PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by MoHaNdKo · textwebappsphp
https://www.exploit-db.com/exploits/28761

The provided text describes a remote file inclusion vulnerability in WikyBlog 1.2.3 and earlier, but it is noted that the BID is being retired as further analysis revealed the application is not vulnerable. No actual exploit code is present.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: WikyBlog 1.2.3 and earlier
No auth needed
Prerequisites: Remote file inclusion vulnerability in the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447896/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29331
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20350
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447735/100/0/threaded

Scores

EPSS 0.0240
EPSS Percentile 81.9%

Details

Status published
Products (3)
wikyblog/wikyblog 1.2.1
wikyblog/wikyblog 1.2.2
wikyblog/wikyblog < 1.2.3
Published Oct 10, 2006
Tracked Since Feb 18, 2026