CVE-2006-3019

Exp

Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7.

Published: 2006-06-15 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2006-3019 is rated High Exploit Risk (81.6/100): CVSS High severity, with high exploitation likelihood (EPSS 7.74%, 94th percentile). Core evidence: 10 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +3.80% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-3019

EDB-ID Source Kind Published Link
29344 exploit_db edb 2006-12-26 Exploit-DB ↗
29343 exploit_db edb 2006-12-26 Exploit-DB ↗
29346 exploit_db edb 2006-12-26 Exploit-DB ↗
29350 exploit_db edb 2006-12-26 Exploit-DB ↗
29345 exploit_db edb 2006-12-26 Exploit-DB ↗
29351 exploit_db edb 2006-12-26 Exploit-DB ↗
29352 exploit_db edb 2006-12-26 Exploit-DB ↗
29348 exploit_db edb 2006-12-26 Exploit-DB ↗
29347 exploit_db edb 2006-12-26 Exploit-DB ↗
29349 exploit_db edb 2006-12-26 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-3019

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 3.94% 7.74% +3.80%
2 2025-12-01 4.82% 3.94% -0.88%
3 2025-10-26 4.82%

Full EPSS history (23 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-3019

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
10.0 6.4 [email protected]

Weakness enumeration for CVE-2006-3019

Affected software / configurations for CVE-2006-3019

Vendor Product Version Raw CPE
phpcms phpcms 1.2.1_p12 cpe:2.3:a:phpcms:phpcms:1.2.1_p12:*:*:*:*:*:*:*

References for CVE-2006-3019

cvelogic Threat Intelligence