CVE-2006-6666

VerliAdmin < 0.3 - Authenticated Remote File Inclusion via q Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6666. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a file inclusion vulnerability in VerliAdmin <= 0.3, allowing remote command execution via a malicious shell URL. It requires authentication and sends a crafted HTTP request with cookies to trigger the vulnerability.

Description

PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · textwebappsphp

https://www.exploit-db.com/exploits/2944

View Code ZIP pw:eip

This exploit targets a file inclusion vulnerability in VerliAdmin <= 0.3, allowing remote command execution via a malicious shell URL. It requires authentication and sends a crafted HTTP request with cookies to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VerliAdmin <= 0.3

Auth required

Prerequisites: Valid username and password for the target VerliAdmin instance · Access to a remote shell script

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/5059

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23418

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21640

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2944

Scores

EPSS 0.0245

EPSS Percentile 82.2%

Details

Status published

Products (1)

verliadmin/verliadmin < 0.3

Published Dec 20, 2006

Tracked Since Feb 18, 2026