Unrated severityNVD Advisory· Published Aug 16, 2006· Updated Apr 16, 2026

CVE-2006-4156

Description

PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher made several significant errors regarding this bug type

Affected products

Pearlabs/Mafia Moblog
cpe:2.3:a:pearlabs:mafia_moblog:*:*:*:*:*:*:*:*
Range: <=6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/1391nvd
www.securityfocus.com/archive/1/442867/100/0/threadednvd
www.securityfocus.com/archive/1/443153/100/0/threadednvd
www.securityfocus.com/bid/19458nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000