CVE-2006-6879
php-update < 2.7 - Authenticated Arbitrary File Upload via userfile Parameter
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-6879. PoCs published by rgod, undefined1_.
Description
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
Exploits (2)
This exploit leverages a SQL injection vulnerability in PHP-Update <= 2.7 via the `str_replace()` function in the guestbook feature. It extracts admin credentials, uploads a malicious PHP file, and executes arbitrary commands on the target system.
This exploit targets a file upload vulnerability in PHP-Update 2.7, allowing remote code execution by uploading a malicious PHP shell. The script interacts with the uploaded shell to execute arbitrary commands on the target system.