CVE-2006-6581

PHP_Debug 1.1.0 - Remote File Inclusion via debugClassLocation Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6581. PoCs published by Firewall.

AI-analyzed exploit summary The provided text describes a remote file-include vulnerability in Phpdebug due to insufficient sanitization of user-supplied data. It outlines the potential impact and provides a sample exploit URL but lacks actual exploit code.

Description

PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Firewall · textwebappsphp
https://www.exploit-db.com/exploits/28998

The provided text describes a remote file-include vulnerability in Phpdebug due to insufficient sanitization of user-supplied data. It outlines the potential impact and provides a sample exploit URL but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Phpdebug (version not specified)
No auth needed
Prerequisites: Access to the vulnerable PHP application · Ability to host a malicious script on an attacker-controlled server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017219
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116345671023015&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30234
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21047

Scores

EPSS 0.0338
EPSS Percentile 87.2%

Details

CWE
CWE-20
Status published
Products (1)
vernet_loic/php_debug 1.1.0
Published Dec 15, 2006
Tracked Since Feb 18, 2026