CVE-2006-4664 - PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and

CVE-2006-4664

Summary

PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

References

http://rst-crew.net/premodshadow.txt
http://www.securityfocus.com/bid/19874
http://secunia.com/advisories/21803
http://securityreason.com/securityalert/1535
http://www.vupen.com/english/advisories/2006/3512
https://exchange.xforce.ibmcloud.com/vulnerabilities/28765
https://www.exploit-db.com/exploits/2311
http://www.securityfocus.com/archive/1/445519/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:premod_shadow:premod_shadow:*:*:*:*:*:*:*:*
cpe:2.3:a:premod_shadow:premod_shadow:*:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	19874
bugtraq	20060907 Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability
exploit-db	2311
misc	http://rst-crew.net/premodshadow.txt
secunia	21803
sreason	1535
vupen	ADV-2006-3512
xf	premodshadow-phpbbrootpath-file-include(28765)

Last major update

14-02-2024 - 01:17

Published

09-09-2006 - 00:04

Last modified

14-02-2024 - 01:17