CVE-2006-6887

logahead UNU 1.0 - Remote Code Execution via WidgEd Plugin File Upload

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6887. PoCs published by CorryL.

AI-analyzed exploit summary This is an advisory for CVE-2006-6887, describing a remote file upload vulnerability in logahead UNU edition 1.0. The vulnerability allows an attacker to upload a PHP file and execute arbitrary commands on the server.

Description

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CorryL · textwebappsphp

https://www.exploit-db.com/exploits/3014

View Code ZIP pw:eip

This is an advisory for CVE-2006-6887, describing a remote file upload vulnerability in logahead UNU edition 1.0. The vulnerability allows an attacker to upload a PHP file and execute arbitrary commands on the server.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: logahead UNU edition 1.0

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23470

Scores

EPSS 0.0163

EPSS Percentile 73.0%

Details

CWE

CWE-94

Status published

Products (1)

logahead/logahead_unu 1.0

Published Dec 31, 2006

Tracked Since Feb 18, 2026