CVE-2006-6738

cwmCounter <5.1.1 - Code Injection

Title source: llm

Description

PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by bd0rk · perlwebappsphp
https://www.exploit-db.com/exploits/2960

References (4)

Scores

EPSS 0.0283
EPSS Percentile 86.2%

Details

CWE
CWE-94
Status published
Products (1)
cwm-design/cwmcounter < 5.1.1
Published Dec 26, 2006
Tracked Since Feb 18, 2026