CVE-2006-5085
published 2006-09-29


Priority: P259 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 44.36% (98.6th percentile)
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.

Affected

1 range
Vendor: pixel_motion
Product: pixel_motion_blog
Version range:
Fixed in:

Detection & IOCs (extracted from sources)

path: config.php
url: include/variables.php?cmd=
  • Alert on GET requests to include/variables.php with a 'cmd' query parameter, which is the webshell execution endpoint written by the exploit.
  • Flag HTTP requests carrying the User-Agent string '0xzilla', used by the exploit's LWP::UserAgent.
  • Detect GET requests to insere_base.php with login=woot&pass=t00w, which is the hardcoded admin account creation step of the exploit.
  • Monitor include/variables.php for unexpected modification (static code injection): the nom_blog value is written directly into this file, so file-integrity monitoring on this path is warranted.
  • The exploit supports optional HTTP proxy routing (--proxh/--proxu/--proxp), meaning attack traffic may arrive via a proxy and the true source IP may not be the attacker's real address.
  • The vendor was listed as unpatched at time of disclosure; no official fix was available, so network/WAF controls are the primary mitigation layer.
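
The three request indicators listed above, applied to web-server access logs, as an added example that is not part of the original advisory or exploit. The combined log format, the /blog/ install path, the indicator names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (client_ip, sorted indicator names) for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return None, []
    url = urlsplit(m["target"])
    path = unquote(url.path).lower()
    query = parse_qs(url.query, keep_blank_values=True)
    is_get = m["method"] == "GET"
    hits = set()
    # GET to the injected file with a 'cmd' parameter (value may be empty).
    if is_get and path.endswith("/include/variables.php") and "cmd" in query:
        hits.add("variables_php_cmd")
    # User-Agent string named in the detection notes.
    if "0xzilla" in m["ua"]:
        hits.add("ua_0xzilla")
    # Hardcoded account-creation request.
    if (is_get and path.endswith("/insere_base.php")
            and query.get("login") == ["woot"] and query.get("pass") == ["t00w"]):
        hits.add("insere_base_woot_account")
    return m["ip"], sorted(hits)

def scan(lines):
    """Group indicators by logged client IP (may be a proxy, not the true source)."""
    seen = {}
    for line in lines:
        ip, hits = classify(line)
        if hits:
            seen.setdefault(ip, set()).update(hits)
    return {ip: sorted(h) for ip, h in seen.items()}

# Constructed sample lines: documentation IP ranges, assumed /blog/ install path.
SAMPLE = [
    '192.0.2.10 - - [29/Sep/2006:10:00:01 +0000] "GET /blog/insere_base.php?login=woot&pass=t00w HTTP/1.1" 200 512 "-" "0xzilla"',
    '192.0.2.10 - - [29/Sep/2006:10:00:03 +0000] "GET /blog/include/variables.php?cmd=id HTTP/1.1" 200 64 "-" "0xzilla"',
    '198.51.100.7 - - [29/Sep/2006:10:01:00 +0000] "GET /blog/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Sep/2006:10:01:02 +0000] "GET /blog/include/variables.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE).items():
        print(ip, hits)
```

The fourth sample line shows that a plain request to include/variables.php without a cmd parameter is not flagged; pair this with file-integrity monitoring on that path to catch the write itself.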