1. CVE-Search
  2. CVE-2006-3116
ID CVE-2006-3116
Summary Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
References
Vulnerable Configurations
  • cpe:2.3:a:spiffyjr:phpraid:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:spiffyjr:phpraid:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:spiffyjr:phpraid:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:spiffyjr:phpraid:3.0.5:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 18719
fulldisc 20060629 Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities
misc http://secunia.com/secunia_research/2006-47/advisory/
osvdb
  • 26891
  • 26892
  • 26893
  • 26894
  • 26895
  • 26896
  • 26897
  • 26898
  • 26899
  • 26900
  • 26901
  • 26902
secunia 20200
xf phpraid-multiple-scripts-file-include(27465)
Last major update 20-07-2017 - 01:32
Published 29-06-2006 - 21:05
Last modified 20-07-2017 - 01:32
Back to Top