CVE-2006-6863

CRITICAL

Enigma WordPress Bridge Enigma2.php - Remote File Inclusion Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6863. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Enigma WordPress Bridge due to improper input validation in the 'boarddir' parameter. An attacker can include arbitrary remote files by manipulating the parameter in the URL.

Description

PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/3051

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Enigma WordPress Bridge due to improper input validation in the 'boarddir' parameter. An attacker can include arbitrary remote files by manipulating the parameter in the URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Enigma WordPress Bridge (version not specified)

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3051

Third Party Advisory mailing-list x_refsource_vim

http://www.attrition.org/pipermail/vim/2007-January/001207.html

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2093

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/455555/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?017459

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21826

Scores

CVSS v3 9.8

EPSS 0.0556

EPSS Percentile 90.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

Status published

Products (1)

enigma/wordpress_bridge

Published Dec 31, 2006

Tracked Since Feb 18, 2026