CVE-2006-4969 - Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote atta

CVE-2006-4969

Summary

Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.

References

Vulnerable Configurations

cpe:2.3:a:wahm_e-commerce:pie_cart_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:wahm_e-commerce:pie_cart_pro:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20099
exploit-db	2393
osvdb	29198 29199 29200 29201 29202 29203 29204 29205 29206 29207 29208 29209 29210 29211 29212 29213 29214
secunia	22131
vupen	ADV-2006-3798
xf	piecartpro-incdir-file-include(29023)

Last major update

19-10-2017 - 01:29

Published

25-09-2006 - 01:07

Last modified

19-10-2017 - 01:29