CVE-2006-7120

maintain 3.0.0-RC2 - Remote File Inclusion via phphtmllib Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7120. PoCs published by ERNE.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Maintain 3.0.0 RC2 due to improper input sanitization. An attacker can include and execute arbitrary PHP code by manipulating the 'phphtmllib' parameter in a specific URL.

Description

PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php

Exploits (1)

exploitdb WORKING POC VERIFIED
by ERNE · textwebappsphp
https://www.exploit-db.com/exploits/28821

This exploit demonstrates a remote file inclusion vulnerability in Maintain 3.0.0 RC2 due to improper input sanitization. An attacker can include and execute arbitrary PHP code by manipulating the 'phphtmllib' parameter in a specific URL.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Maintain 3.0.0 RC2
No auth needed
Prerequisites: Access to the target URL · Ability to host a malicious PHP file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29596
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20560
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2359
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448780/100/0/threaded

Scores

EPSS 0.0357
EPSS Percentile 87.9%

Details

Status published
Products (1)
osu_open_source_lab/maintain 3.0.0_rc_2
Published Mar 06, 2007
Tracked Since Feb 18, 2026