CVE-2006-5762

Free PHP Scripts Free File Hosting < 1.1 - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Crackers_Child · textwebappsphp
https://www.exploit-db.com/exploits/3568
exploitdb WORKING POC VERIFIED
by Kacper · phpwebappsphp
https://www.exploit-db.com/exploits/2670

References (12)

Scores

EPSS 0.1630
EPSS Percentile 94.8%

Details

CWE
CWE-94
Status published
Products (2)
free_php_scripts/free_file_hosting < 1.1
free_php_scripts/free_image_hosting 2.0
Published Nov 06, 2006
Tracked Since Feb 18, 2026