CVE-2006-6376

Simple File Manager 0.24a - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6376. PoCs published by flame.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Simple File Manager (SFM) v0.24, including arbitrary file read, delete, modify, create, and upload. It provides URLs and HTML forms for exploitation but does not contain executable exploit code.

Description

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.

Exploits (1)

exploitdb WRITEUP VERIFIED
by flame · textwebappsphp
https://www.exploit-db.com/exploits/2883

This is a detailed writeup describing multiple vulnerabilities in Simple File Manager (SFM) v0.24, including arbitrary file read, delete, modify, create, and upload. It provides URLs and HTML forms for exploitation but does not contain executable exploit code.

Classification
Writeup 100%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Simple File Manager (SFM) <= 0.24
No auth needed
Prerequisites: Access to the SFM web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30687
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2883

Scores

EPSS 0.0402
EPSS Percentile 89.4%

Details

Status published
Products (1)
onedotoh/simple_file_manager 0.24a
Published Dec 07, 2006
Tracked Since Feb 18, 2026