3 matches found
CVE-2006-7183
creationtimestamp| type| source ---|---|--- 2026-06-20 01:07:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mooo5n3upo2j...
CVE-2006-7183
CVE-2006-7183 affects Exhibit Engine (EE) up to version 1.22. The issue is a PHP remote file inclusion in styles.php via the toroot parameter, allowing an attacker to cause arbitrary PHP code execution on the vulnerable server. The exploit uses a URL in toroot to include attacker-controlled code....
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
The remote web server is running Exhibit Engine, a PHP based photo gallery management system. The version of Exhibit Engine installed on the remote host fails to sanitize input to the 'toroot' parameter before using it in the 'styles.php' script to include PHP code. Provided PHP's 'registerglobal...