CVE-2006-5918

PHP Rapid Kill 5.7 Pro - Unauthenticated Arbitrary File Upload via Link to Download Field


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5918. PoCs published by DigitALL.

AI-analyzed exploit summary: This is a writeup describing a shell upload vulnerability in PHP RapidKill Pro 5.x. It provides a Google dork and instructions to exploit the vulnerability by uploading a shell file and renaming it to execute PHP code.

Description

Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DigitALL · text · webapps · php
https://www.exploit-db.com/exploits/12272


Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: PHP RapidKill Pro 5.x
No auth needed
Prerequisites: access to the target web application · ability to upload files
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1862
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20896
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/450681/100/0/threaded

Scores

EPSS 0.0238
EPSS Percentile 81.7%

Details

Status published
Products (1)
php_rapid_kill/php_rapid_kill 5.7_pro
Published Nov 15, 2006
Tracked Since Feb 18, 2026