Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3554


Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3554
Last Modified 07 Mar 2011 09:38:53
Published 12 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.

Vulnerable Systems


  • Mkportal 1.0.1 Final


SECUNIA - 20884


VUPEN - ADV-2006-2598

BUGTRAQ - 20060628 MKPortal 1.0.1 Final ($ind) File Include Vulnerability (perl)

SECTRACK - 1016403

XF - mkportal-index-file-include(27451)

BID - 18707

SREASON - 1234

Last Updated: 27 May 2016 10:43:02