ID CVE-2006-4189
Summary Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.
References
Vulnerable Configurations
  • cpe:2.3:a:boonex:dolphin:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:boonex:dolphin:5.1:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 21182
osvdb
  • 28473
  • 28474
  • 28478
  • 28479
  • 28485
  • 28492
  • 28493
  • 28496
  • 28498
  • 28499
  • 28500
  • 28501
  • 28502
  • 28503
  • 28504
  • 28505
  • 28506
  • 28507
  • 28508
  • 28509
  • 28510
  • 28511
  • 28512
  • 28513
  • 28514
  • 28515
  • 28516
  • 28517
  • 28519
  • 28520
  • 28521
  • 28522
  • 28523
  • 28524
  • 28525
  • 28526
  • 28527
  • 28528
  • 28529
  • 28530
sectrack 1016692
secunia 21535
vupen ADV-2006-3346
xf dolphin-dirinc-file-include(28363)
Last major update 20-07-2017 - 01:32
Published 17-08-2006 - 01:04
Last modified 20-07-2017 - 01:32
Back to Top