CVE-2006-6879

PHP-Update <2.7 - RCE

Title source: llm

Description

Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/3017

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by undefined1_ · perlwebappsphp

https://www.exploit-db.com/exploits/3020

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/23486

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/21789

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31125

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3017

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3020

Scores

EPSS 0.0701

EPSS Percentile 91.5%

Details

Status published

Products (1)

php-update/php-update < 2.7

Published Dec 31, 2006

Tracked Since Feb 18, 2026