CVE-2006-6866

STphp EasyNews PRO 4.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6866. PoCs published by bd0rk.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in EasyNews PRO News Publishing 4.0. The vulnerability allows remote attackers to access user credentials via a direct path disclosure.

Description

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.

Exploits (1)

exploitdb WRITEUP VERIFIED
by bd0rk · textwebappsphp
https://www.exploit-db.com/exploits/3039

This is a writeup describing an information disclosure vulnerability in EasyNews PRO News Publishing 4.0. The vulnerability allows remote attackers to access user credentials via a direct path disclosure.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: EasyNews PRO News Publishing 4.0
No auth needed
Prerequisites: knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017457
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3039
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23577
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0011
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31171

Scores

EPSS 0.0296
EPSS Percentile 85.4%

Details

Status published
Products (1)
stphp/easynews 4.0
Published Dec 31, 2006
Tracked Since Feb 18, 2026