CVE-2006-5261
PHPMyNews <1.4 - RCE
Title source: llmDescription
Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mehmet Ince · textwebappsphp
https://www.exploit-db.com/exploits/2488
References (5)
Scores
EPSS
0.0624
EPSS Percentile
90.7%
Classification
Status
draft
Affected Products (1)
phpmynews/phpmynews
< 1.4
Timeline
Published
Oct 12, 2006
Tracked Since
Feb 18, 2026