CVE-2006-6966

Exp

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.

Published: 2007-02-04 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2006-6966 is rated High Exploit Risk (76.5/100): CVSS High severity, with medium exploitation likelihood (EPSS 4.00%). Core evidence: 3 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-6966

EDB-ID	Source	Kind	Published	Link
2867	exploit_db	edb	2006-11-30	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-6966

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-09-23	3.31%	4.00%	+0.69%
2	2025-04-21	3.11%	3.31%	+0.20%
3	2025-03-30	—	3.11%	—

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-6966

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Weakness enumeration for CVE-2006-6966

Affected software / configurations for CVE-2006-6966

Vendor	Product	Version	Raw CPE
phpgraphy	phpgraphy	<= 0.9.13	cpe:2.3:a:phpgraphy:phpgraphy::::::::
phpgraphy	phpgraphy	0.9	cpe:2.3:a:phpgraphy:phpgraphy:0.9:::::::*
phpgraphy	phpgraphy	0.9.1	cpe:2.3:a:phpgraphy:phpgraphy:0.9.1:::::::*
phpgraphy	phpgraphy	0.9.2	cpe:2.3:a:phpgraphy:phpgraphy:0.9.2:::::::*
phpgraphy	phpgraphy	0.9.3	cpe:2.3:a:phpgraphy:phpgraphy:0.9.3:::::::*
phpgraphy	phpgraphy	0.9.4	cpe:2.3:a:phpgraphy:phpgraphy:0.9.4:::::::*
phpgraphy	phpgraphy	0.9.5	cpe:2.3:a:phpgraphy:phpgraphy:0.9.5:::::::*
phpgraphy	phpgraphy	0.9.6	cpe:2.3:a:phpgraphy:phpgraphy:0.9.6:::::::*
phpgraphy	phpgraphy	0.9.7	cpe:2.3:a:phpgraphy:phpgraphy:0.9.7:::::::*
phpgraphy	phpgraphy	0.9.8	cpe:2.3:a:phpgraphy:phpgraphy:0.9.8:::::::*
phpgraphy	phpgraphy	0.9.9	cpe:2.3:a:phpgraphy:phpgraphy:0.9.9:::::::*
phpgraphy	phpgraphy	0.9.9a	cpe:2.3:a:phpgraphy:phpgraphy:0.9.9a:::::::*
phpgraphy	phpgraphy	0.9.10	cpe:2.3:a:phpgraphy:phpgraphy:0.9.10:::::::*
phpgraphy	phpgraphy	0.9.10a	cpe:2.3:a:phpgraphy:phpgraphy:0.9.10a:::::::*
phpgraphy	phpgraphy	0.9.11	cpe:2.3:a:phpgraphy:phpgraphy:0.9.11:::::::*
phpgraphy	phpgraphy	0.9.12	cpe:2.3:a:phpgraphy:phpgraphy:0.9.12:::::::*

References for CVE-2006-6966

URL	Tags
http://phpgraphy.sourceforge.net/changelog.php
http://retrogod.altervista.org/phpgraphy_0912_zhdkoi_cmd.html	Exploit
http://securitytracker.com/id?1017571	Exploit
http://sourceforge.net/forum/forum.php?forum_id=659277	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/30634

cvelogic Threat Intelligence