Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2877
Last Modified 05 Sep 2008 05:05:40
Published 06 Jun 2006 08:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2877

Summary

PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.

Vulnerable Systems

Application

  • Sangwan Kim Bookmark4u 2.0


References

XF - bookmark4u-includeprefix-file-include(26933)

BID - 18281

BUGTRAQ - 20060605 Re: Bookmark4U Remote File Include

BUGTRAQ - 20060604 Bookmark4U Remote File Include

OSVDB - 26602

OSVDB - 26601

OSVDB - 26600

OSVDB - 26599

SECTRACK - 1016224

SREASON - 1058

SECUNIA - 19758


Last Updated: 27 May 2016 10:42:48