CVE-2006-5505

PHP File Inclusion - RCE

Title source: llm

Description

Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kw3[R]Ln · perlwebappsphp

https://www.exploit-db.com/exploits/2698

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4168

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29759

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20701

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20859

[Vendor Advisory] http://secunia.com/advisories/22530

Scores

EPSS 0.0247

EPSS Percentile 85.3%

Details

Status published

Products (1)

ben3w/2bgal 3.0

Published Oct 25, 2006

Tracked Since Feb 18, 2026