CVE-2006-7102

Matthias Dietrich Phpburningportal Quiz-modul < 1.0.1 - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · perlwebappsphp

https://www.exploit-db.com/exploits/2563

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/20547

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2563

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29558

Scores

EPSS 0.0536

EPSS Percentile 90.1%

Details

CWE

CWE-94

Status published

Products (1)

matthias_dietrich/phpburningportal_quiz-modul < 1.0.1

Published Mar 03, 2007

Tracked Since Feb 18, 2026