ID CVE-2006-3771
Summary Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.
References
Vulnerable Configurations
  • cpe:2.3:a:imaginex-resource:imanage_cms:*:*:*:*:*:*:*:*
    cpe:2.3:a:imaginex-resource:imanage_cms:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19090
bugtraq 20060720 [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion
exploit-db 2046
misc http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt
osvdb
  • 28647
  • 28648
  • 28649
  • 28650
  • 28651
  • 28652
  • 28653
  • 28654
  • 28655
  • 28656
  • 28657
  • 28658
  • 28659
  • 28660
  • 28661
  • 28662
  • 28663
  • 28664
  • 28665
  • 28666
  • 28667
  • 28668
  • 28669
  • 28670
  • 28671
sectrack 1016551
sreason 1265
xf imanagecms-absolutepath-file-include(27875)
Last major update 17-10-2018 - 21:30
Published 24-07-2006 - 12:19
Last modified 17-10-2018 - 21:30
Back to Top