CVE-2006-5555

EPNadmin 0.7 and 0.7.1 - Remote File Inclusion via Langage Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5555. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary This Perl script exploits a remote command execution vulnerability in EPNadmin 0.7 by injecting a malicious URL parameter to fetch and execute commands from a remote shell script. It leverages LWP::Simple to send HTTP requests with crafted parameters.

Description

PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kw3[R]Ln · perlwebappsphp
https://www.exploit-db.com/exploits/2596

This Perl script exploits a remote command execution vulnerability in EPNadmin 0.7 by injecting a malicious URL parameter to fetch and execute commands from a remote shell script. It leverages LWP::Simple to send HTTP requests with crafted parameters.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: EPNadmin 0.7
No auth needed
Prerequisites: Target running EPNadmin 0.7 · Network access to the target · Remote shell script hosted on an accessible server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2596
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22508
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20624
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4167
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29671

Scores

EPSS 0.0316
EPSS Percentile 86.3%

Details

Status published
Products (2)
epnadmin/epnadmin 0.7
epnadmin/epnadmin 0.7.1
Published Oct 26, 2006
Tracked Since Feb 18, 2026