Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1816

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1816
Last Modified 05 Sep 2008 05:02:55
Published 18 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1816

Summary

PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.

Vulnerable Systems

Application

  • Jelsoft Vbulletin 3.5.1

  • Jelsoft Vbulletin 3.5.2

  • Jelsoft Vbulletin 3.5.4


References

BUGTRAQ - 20060412 Remote File Inclusion in VBulletin ImpEx

XF - impex-systempath-file-include(34095)

XF - impex-multiple-file-inclusion(25789)

BUGTRAQ - 20070504 Remote File Include In Script impex

OSVDB - 24692

OSVDB - 24691

OSVDB - 24690

SECUNIA - 19352


Last Updated: 27 May 2016 10:42:14