CVE-2006-5762: PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code ...

Description

PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.

Metrics

EPSS Probability

3.92%

89.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Free Php Scripts	Free File Hosting	<= 1.1
Free Php Scripts	Free Image Hosting	2.0

References

Timeline

Published: Nov 6, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-5762?

PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.

How severe is CVE-2006-5762?

Severity scoring for CVE-2006-5762 is pending analysis. The EPSS model estimates a 3.92% probability of exploitation in the next 30 days.

How do I fix CVE-2006-5762?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.