ID CVE-2006-1478
Summary Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. This vulnerability may affect all other versions of Turnkey Web Tools, PHP Live Helper.
References
Vulnerable Configurations
  • cpe:2.3:a:turnkey_web_tools:php_live_helper:1.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)
misc
secunia 19428
sreason 641
xf phplivehelper-abspath-file-include(25489)
Last major update 18-10-2018 - 16:32
Published 29-03-2006 - 01:06
Last modified 18-10-2018 - 16:32