CVE-2006-5316

registroTL - Unauthenticated Sensitive Information Exposure via Direct Database Download

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5316. PoCs published by DarkFig.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in the 'registroTL' PHP script, where the 'page' parameter is used unsafely in an include statement, allowing remote file inclusion and source disclosure. The writeup provides examples of exploitation but does not include functional exploit code.

Description

registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DarkFig · textwebappsphp
https://www.exploit-db.com/exploits/2502

This is a writeup describing a file inclusion vulnerability in the 'registroTL' PHP script, where the 'page' parameter is used unsafely in an include statement, allowing remote file inclusion and source disclosure. The writeup provides examples of exploitation but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: registroTL (version not specified)
No auth needed
Prerequisites: vulnerable version of registroTL · ability to send crafted HTTP requests to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1734
Exploit x_refsource_misc
http://acid-root.new.fr/poc/13061007.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448096/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2502

Scores

EPSS 0.0264
EPSS Percentile 83.6%

Details

Status published
Products (2)
phplibre/registrotl 0.1b
phplibre/registrotl 0.5b
Published Oct 17, 2006
Tracked Since Feb 18, 2026