CVE-2006-7099

SolarPay - Directory Traversal via Read Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7099. PoCs published by Hasadya Raed.

AI-analyzed exploit summary The provided text describes a local file inclusion vulnerability in SolarPay, where unsanitized user input allows attackers to access restricted files. The example URL demonstrates path traversal to access an admin file.

Description

Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Hasadya Raed · textwebappsphp

https://www.exploit-db.com/exploits/29663

View Code ZIP pw:eip

The provided text describes a local file inclusion vulnerability in SolarPay, where unsanitized user input allows attackers to access restricted files. The example URL demonstrates path traversal to access an admin file.

Classification

Writeup 80%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: SolarPay (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable web application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22722

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/34693

Scores

EPSS 0.0240

EPSS Percentile 81.9%

Details

Status published

Products (1)

solarpay/solarpay .

Published Mar 03, 2007

Tracked Since Feb 18, 2026