CVE-2006-6551

Tucows Client Code Suite 1.2.1015 - Remote File Inclusion via _ENV[TCA_HOME] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6551. PoCs published by 3l3ctric-Cracker.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in Tucows Open Project, allowing an attacker to include a remote shell script and execute arbitrary commands. The script uses LWP::UserAgent to send crafted HTTP requests to the vulnerable endpoint.

Description

PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 3l3ctric-Cracker · pythonwebappsphp
https://www.exploit-db.com/exploits/2896

This exploit targets a remote file inclusion vulnerability in Tucows Open Project, allowing an attacker to include a remote shell script and execute arbitrary commands. The script uses LWP::UserAgent to send crafted HTTP requests to the vulnerable endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Tucows Open Project 1.2.1015
No auth needed
Prerequisites: Remote shell script hosted on an attacker-controlled server · Network access to the vulnerable Tucows Open Project instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30789
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2896

Scores

EPSS 0.0210
EPSS Percentile 79.2%

Details

Status published
Products (1)
tucows/client_code_suite 1.2.1015
Published Dec 14, 2006
Tracked Since Feb 18, 2026