CVE-2006-5615

Textpattern 1.19 - Remote File Inclusion via txpcfg[txpath] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5615. PoCs published by Bithedz.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in TextPattern <=g1.19. The vulnerability allows arbitrary PHP code execution by manipulating the 'txpcfg[txpath]' parameter in publish.php.

Description

PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Bithedz · textwebappsphp

https://www.exploit-db.com/exploits/2646

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in TextPattern <=g1.19. The vulnerability allows arbitrary PHP code execution by manipulating the 'txpcfg[txpath]' parameter in publish.php.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: TextPattern <=g1.19

No auth needed

Prerequisites: Target running TextPattern <=g1.19 · Remote file inclusion enabled on the server

MITRE ATT&CK

T1189 - Drive-by Compromise T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1794

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20769

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/449907/100/0/threaded

Scores

EPSS 0.0247

EPSS Percentile 82.5%

Details

Status published

Products (1)

textpattern/textpattern 1.19

Published Oct 31, 2006

Tracked Since Feb 18, 2026