Unrated severityNVD Advisory· Published Dec 20, 2006· Updated Apr 23, 2026

CVE-2006-6661

Description

Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.

Affected products

Php Update/PHP Update
cpe:2.3:a:php-update:php-update:*:*:*:*:*:*:*:*
Range: <=2.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/23407nvd
www.vupen.com/english/advisories/2006/5088nvd
www.exploit-db.com/exploits/2953nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000