CVE-2006-6880

php-update < 2.7 - SQL Injection via newmessage, newname, newwebsite, or newemail Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6880. PoCs published by rgod.

AI-analyzed exploit summary: This exploit leverages a SQL injection vulnerability in PHP-Update <= 2.7 via the `str_replace()` function in the guestbook feature. It extracts admin credentials, uploads a malicious PHP file, and executes arbitrary commands on the target system.

Description

Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by rgod · php / webapps
https://www.exploit-db.com/exploits/3017


Classification
Working PoC: 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: PHP-Update <= 2.7
No auth needed
Prerequisites: Target must be running PHP-Update <= 2.7 with MySQL >= 4.1 · Guestbook feature must be enabled
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References (3)
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/21772
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/3017
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/23486

Scores

EPSS 0.0097
EPSS Percentile 57.3%

Details

CWE
CWE-89
Status published
Products (1)
php-update/php-update < 2.7
Published Dec 31, 2006
Tracked Since Feb 18, 2026