CVE-2006-5411

FreeWPS < 2.11 - Unauthenticated Arbitrary File Upload via upload.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5411. PoCs published by HACKERS PAL.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in FreeWPS 2.11, allowing arbitrary command execution by uploading a malicious PHP file. The script constructs a multipart POST request to bypass restrictions and uploads a shell, then executes a command via the uploaded file.

Description

Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · phpwebappsphp

https://www.exploit-db.com/exploits/28795

View Code ZIP pw:eip

This exploit targets a file upload vulnerability in FreeWPS 2.11, allowing arbitrary command execution by uploading a malicious PHP file. The script constructs a multipart POST request to bypass restrictions and uploads a shell, then executes a command via the uploaded file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FreeWPS 2.11

No auth needed

Prerequisites: Target must have FreeWPS 2.11 or a vulnerable version installed · Upload directory must be writable by the webserver · PHP must be enabled on the target server

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1203 - Exploitation for Client Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →