Vulnerabilities > CVE-2006-7183 - Remote File Include vulnerability in Exhibit Engine 2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Exhibit Engine <= 1.22 (styles.php) Remote File Include Vulnerability. CVE-2006-7183. Webapps exploit for php platform |
| file | exploits/php/webapps/2850.txt |
| id | EDB-ID:2850 |
| last seen | 2016-01-31 |
| modified | 2006-11-25 |
| platform | php |
| port | |
| published | 2006-11-25 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2850/ |
| title | Exhibit Engine <= 1.22 styles.php Remote File Include Vulnerability |
| type | webapps |
Nessus
| NASL family | CGI abuses |
| NASL id | EXHIBIT_ENGINE_RFI.NASL |
| description | The remote web server is running Exhibit Engine, a PHP based photo gallery management system. The version of Exhibit Engine installed on the remote host fails to sanitize input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23640 |
| published | 2006-11-14 |
| reporter | This script is Copyright (C) 2006-2018 Justin Seitz |
| source | https://www.tenable.com/plugins/nessus/23640 |
| title | Exhibit Engine styles.php toroot Parameter Remote File Inclusion |