CVE-2006-7080

exV2 CMS < 2.0.4.3 - Directory Traversal & File Deletion via Avatar Upload

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7080. PoCs published by rgod.

AI-analyzed exploit summary: This exploit leverages a vulnerability in exV2 <= 2.0.4.3 where the `extract()` function allows overwriting server variables, leading to remote command execution. It uses two methods depending on `register_globals` settings to write a malicious PHP file and execute commands via HTTP headers.

Description

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/2415

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: exV2 <= 2.0.4.3
No auth needed
Prerequisites: Target running exV2 <= 2.0.4.3 · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20161
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2415
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29130

Scores

EPSS 0.0449
EPSS Percentile 90.2%

Details

Status published
Products (1)
exv2/content_management_system < 2.0.4.3
Published Mar 02, 2007
Tracked Since Feb 18, 2026