CVE-2006-5773

freewebshop < 2.2.1 - Directory Traversal via Action Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5773. PoCs published by Spiked.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in FreeWebShop 2.2.x, including SQL injection for authentication bypass, file disclosure, and arbitrary file creation leading to remote code execution. It provides clear, functional payloads for each attack vector.

Description

Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Spiked · text · webapps · php
https://www.exploit-db.com/exploits/2704

Classification: Working PoC (100%)
Attack Type: SQLi | Auth Bypass | Info Leak | RCE
Complexity: Trivial
Reliability: Reliable
Target: FreeWebShop 2.2.x (and possibly lower)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4332
Various Sources x_refsource_confirm
http://www.freewebshop.org/index.php?id=27
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2704
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29991
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20888
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22664

Scores

EPSS: 0.0763
EPSS Percentile: 93.8%

Details

Status: published
Products (1)
freewebshop/freewebshop < 2.2.1
Published: Nov 06, 2006
Tracked Since: Feb 18, 2026