CVE-2006-4738

CVE Database · CVE-2006-4738

CVE-2006-4738

· N/AModified

CVSS v3.1

N/A

EPSS

1.44%

Published

Sep 13, 2006

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.

Affected Products (1)

jetbox · jetbox_cmsvulnerable

References (8)

http://securityreason.com/securityalert/1562

http://www.securityfocus.com/archive/1/445652/100/0/threaded

http://www.securityfocus.com/bid/19303

https://exchange.xforce.ibmcloud.com/vulnerabilities/28843

http://securityreason.com/securityalert/1562

http://www.securityfocus.com/archive/1/445652/100/0/threaded

http://www.securityfocus.com/bid/19303

https://exchange.xforce.ibmcloud.com/vulnerabilities/28843

KEV Catalog EPSS Scores Vendors All CVEs