Main Vulnerability Database Exploits ID:11507 - Exploit for Path traversal in PHP - CVE-2006-1494

ID:11507 - Exploit for Path traversal in PHP - CVE-2006-1494

Published: June 9, 2025

Vulnerability identifier: #VU110487

Vulnerability risk: Low

CVE-ID: CVE-2006-1494

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/27595/

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to create files in arbitrary directories via the tempnam function.

Remediation

Install update from vendor's website.

ID:11507 - Exploit for Path traversal in PHP - CVE-2006-1494

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human