1. CVE-Search
  2. CVE-2006-1767
ID CVE-2006-1767
Summary Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
References
Vulnerable Configurations
  • cpe:2.3:a:nicecoder:indexu:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:nicecoder:indexu:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nicecoder:indexu:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:nicecoder:indexu:5.0.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17470
bugtraq 20060411 INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit
misc http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
osvdb
  • 24596
  • 24597
  • 28406
  • 28409
  • 28410
  • 28412
  • 28413
  • 28415
  • 28416
  • 28417
  • 28419
  • 28422
  • 28425
  • 28426
  • 28427
sectrack
  • 1015891
  • 1016331
Last major update 18-10-2018 - 16:36
Published 13-04-2006 - 10:02
Last modified 18-10-2018 - 16:36
Back to Top