Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1477

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1477
Last Modified 07 Mar 2011 09:33:10
Published 28 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1477

Summary

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php.

Vulnerable Systems

Application

  • Turnkey Web Tools Php Live Helper 1.8


References

MISC - http://www.turnkeywebtools.com/forum/showthread.php?p=10415

MISC - http://www.worlddefacers.de/Public/WD-TMPLH.txt

VUPEN - ADV-2006-1137

BUGTRAQ - 20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)

SECUNIA - 19428

XF - phplivehelper-abspath-file-include(25489)

BID - 18509

BUGTRAQ - 20060619 Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities

BUGTRAQ - 20060619 PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities

OSVDB - 24199

OSVDB - 24198

OSVDB - 24197

OSVDB - 24196

OSVDB - 24195

OSVDB - 24194

OSVDB - 24193


Last Updated: 27 May 2016 10:42:05