CVE-2006-5263

phpmyagenda < 3.1_beta_1 - Directory Traversal and Arbitrary File Execution via Language Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5263. PoCs published by Nima Salehi.

AI-analyzed exploit summary This exploit leverages a log poisoning vulnerability in phpMyAgenda < 3.1 to inject PHP code into the access log, which is then executed via a null-byte injection in the language parameter. It provides a semi-interactive shell by sending commands through HTTP requests.

Description

Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nima Salehi · perlwebappsphp

https://www.exploit-db.com/exploits/2500

View Code ZIP pw:eip

This exploit leverages a log poisoning vulnerability in phpMyAgenda < 3.1 to inject PHP code into the access log, which is then executed via a null-byte injection in the language parameter. It provides a semi-interactive shell by sending commands through HTTP requests.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: phpMyAgenda < 3.1

No auth needed

Prerequisites: Target must have phpMyAgenda < 3.1 installed · Access to the web server's access log must be possible via path traversal · PHP must be configured to allow execution from the log directory

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →