Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1767
Last Modified 05 Sep 2008 05:02:47
Published 13 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1767

Summary

Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.

Vulnerable Systems

Application

  • Nicecoder Indexu 5.0

  • Nicecoder Indexu 5.0.1


References

BID - 17470

BUGTRAQ - 20060411 INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit

SECTRACK - 1015891

OSVDB - 28427

OSVDB - 28426

OSVDB - 28425

OSVDB - 28422

OSVDB - 28419

OSVDB - 28417

OSVDB - 28416

OSVDB - 28415

OSVDB - 28413

OSVDB - 28412

OSVDB - 28410

OSVDB - 28409

OSVDB - 28406

OSVDB - 24597

OSVDB - 24596

SECTRACK - 1016331

MISC - http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt


Last Updated: 27 May 2016 10:42:10