CVE-2006-4863: Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a UR...

Description

Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. NOTE: CVE also disputes a later report of this vulnerability in 1.2, because the langfile parameter is set to french.php in 1.2

Metrics

EPSS Probability

2.86%

85.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Marc Cagninacci	Mclinkscounter	1.1

References

Timeline

Published: Sep 19, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-4863?

Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. NOTE: CVE also disputes a later report of this vulnerability in 1.2, because the langfile parameter is set to french.php in 1.2

How severe is CVE-2006-4863?

Severity scoring for CVE-2006-4863 is pending analysis. The EPSS model estimates a 2.86% probability of exploitation in the next 30 days.

How do I fix CVE-2006-4863?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.