Unrated severityNVD Advisory· Published Sep 8, 2006· Updated Jun 16, 2026

CVE-2006-4636

Description

Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Szewo/Phpcommander2 versions
cpe:2.3:a:szewo:phpcommander:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:szewo:phpcommander:*:*:*:*:*:*:*:*range: <=3.0
- (no CPE)range: <=3.0

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/19867nvdExploit
secunia.com/advisories/21753nvdVendor Advisory
www.vupen.com/english/advisories/2006/3472nvd
www.exploit-db.com/exploits/2310nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000