CVE-2006-7130

Jinzora < 2.1 - Remote Code Execution via Include Path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7130. PoCs published by k1tk4t.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Jinzora <= 2.1. The vulnerability allows an attacker to include arbitrary remote files via the 'include_path' parameter in 'media.php'.

Description

PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.

Exploits (1)

exploitdb WRITEUP VERIFIED
by k1tk4t · textwebappsphp
https://www.exploit-db.com/exploits/2512

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Jinzora <= 2.1. The vulnerability allows an attacker to include arbitrary remote files via the 'include_path' parameter in 'media.php'.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Jinzora <= 2.1
No auth needed
Prerequisites: Network access to the target application · Remote file hosting location
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2512
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29436
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2351
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448290/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20446

Scores

EPSS 0.0284
EPSS Percentile 84.8%

Details

CWE
CWE-94
Status published
Products (21)
jinzora/jinzora 0.1.1
jinzora/jinzora 0.2
jinzora/jinzora 0.3 (3 CPE variants)
jinzora/jinzora 0.3.1
jinzora/jinzora 0.4
jinzora/jinzora 0.5
jinzora/jinzora 0.6.2
jinzora/jinzora 0.7
jinzora/jinzora 0.8.1
jinzora/jinzora 0.8.2
... and 11 more
Published Mar 06, 2007
Tracked Since Feb 18, 2026