Unrated severityNVD Advisory· Published Feb 25, 2006· Updated Apr 16, 2026

CVE-2006-0887

Description

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.

Affected products

Phplib Team/Phplib
cpe:2.3:a:phplib_team:phplib:7.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/16902nvdPatchVendor Advisory
sourceforge.net/project/shownotes.phpnvdPatch
www.vupen.com/english/advisories/2006/0720nvdVendor Advisory
securitytracker.com/idnvd
www.gulftech.orgnvd
www.osvdb.org/23466nvd
www.securityfocus.com/bid/16801nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24873nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000