CVE-2006-7181

Name: CVE-2006-7181
Creator: NVD / NIST
Published: 2007-03-30T10:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.18%

Last modified Jun 16, 2026

CVE-2006-7181 is a vulnerability of currently unknown severity. Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker. EPSS estimates a 2.18% chance of exploitation in the next 30 days.

Description

Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker

Metrics

EPSS Probability

2.18%

80.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Morcego Cms	Morcego Cms	<= 0.9.6

References

Timeline

Published: Mar 30, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-7181?

How severe is CVE-2006-7181?

Severity scoring for CVE-2006-7181 is pending analysis. The EPSS model estimates a 2.18% probability of exploitation in the next 30 days.

How do I fix CVE-2006-7181?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-7181?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST