CVE-2006-6710

PgmReloaded < 0.8.5 - Remote Code Execution via PHP File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6710. PoCs published by nuffsaid.

AI-analyzed exploit summary This exploit demonstrates multiple remote file inclusion vulnerabilities in PgmReloaded <= 0.8.5. The vulnerabilities allow an attacker to include and execute arbitrary remote PHP files by manipulating uninitialized variables in query strings.

Description

Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nuffsaid · textwebappsphp

https://www.exploit-db.com/exploits/2971

View Code ZIP pw:eip

This exploit demonstrates multiple remote file inclusion vulnerabilities in PgmReloaded <= 0.8.5. The vulnerabilities allow an attacker to include and execute arbitrary remote PHP files by manipulating uninitialized variables in query strings.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PgmReloaded <= 0.8.5

No auth needed

Prerequisites: register_globals = on (for most vulnerabilities) · ability to host a malicious PHP file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/5116

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21696

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23480

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2971

Scores

EPSS 0.0228

EPSS Percentile 80.9%

Details

CWE

CWE-94

Status published

Products (12)

matteolucarelli/pgmreloaded 0.5

matteolucarelli/pgmreloaded 0.6

matteolucarelli/pgmreloaded 0.6.2

matteolucarelli/pgmreloaded 0.7

matteolucarelli/pgmreloaded 0.7.1

matteolucarelli/pgmreloaded 0.7.3

matteolucarelli/pgmreloaded 0.8

matteolucarelli/pgmreloaded 0.8.1

matteolucarelli/pgmreloaded 0.8.2

matteolucarelli/pgmreloaded 0.8.3

... and 2 more

Published Dec 23, 2006

Tracked Since Feb 18, 2026