CVE-2006-7052

DotWidget For Articles 0.2 - Remote File Inclusion via Multiple Parameters

Exploitation Summary

EIP tracks 7 public exploits for CVE-2006-7052. PoCs published by SwEET-DeViL.

AI-analyzed exploit summary: The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, allowing arbitrary PHP code execution via unsanitized input in the 'file_path' parameter. It references a related vulnerability (BID 18258) but does not include functional exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.

Exploits (7)

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28039

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, allowing arbitrary PHP code execution via unsanitized input in the 'file_path' parameter. It references a related vulnerability (BID 18258) but does not include functional exploit code.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles
No auth needed
Prerequisites: Remote file hosting with malicious PHP code · Target application with vulnerable parameter exposed
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28040

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, where unsanitized user input allows arbitrary remote file inclusion. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker-controlled remote file with malicious PHP code
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28043

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, where unsanitized user input allows arbitrary PHP code execution via remote file inclusion. It references a specific example URL but lacks actual exploit code.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles (version unspecified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker-controlled remote server hosting malicious PHP code
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28046

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, where unsanitized user input allows arbitrary PHP code execution via malicious file inclusion. It references specific attack vectors but lacks executable exploit code.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles (version unspecified)
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious PHP file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28045

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, where unsanitized input allows arbitrary PHP code execution via malicious file inclusion. It references specific vulnerable parameters and related advisories.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles
No auth needed
Prerequisites: Access to vulnerable dotWidget for Articles installation · Ability to host malicious PHP file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28041

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, where unsanitized input allows arbitrary remote file inclusion. It includes example URLs demonstrating the exploit but lacks executable code.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles
No auth needed
Prerequisites: Remote file hosting with malicious PHP code · Target application with vulnerable input sanitization
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/28042

The provided text describes a remote file inclusion vulnerability in dotWidget for Articles, where unsanitized user input allows arbitrary remote file inclusion. The example URL demonstrates how an attacker could include a malicious PHP file (e.g., r57shell.txt) via the 'admin_footer_file' parameter.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: dotWidget for Articles (version not specified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious PHP file on an accessible web server
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437483
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2308
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18479
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27327

Scores

EPSS 0.0636
EPSS Percentile 92.8%

Details

Status published
Products (1)
keith_reichley/dotwidget_for_articles 0.2
Published Feb 24, 2007
Tracked Since Feb 18, 2026