Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by webinsta

    CVE-2011-3816 (GCVE-0-2011-3816)

    Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:03.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3816",
        "datePublished": "2011-09-24T00:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:34.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2181 (GCVE-0-2007-2181)

    Vulnerability from nvd – Published: 2007-04-24 17:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/3778 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/1494 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23592 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24958 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/35261 vdb-entryx_refsource_OSVDB
    Date Public
    2007-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:50.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3778",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3778"
              },
              {
                "name": "webinstafm-login-file-include(33793)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
              },
              {
                "name": "ADV-2007-1494",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1494"
              },
              {
                "name": "23592",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23592"
              },
              {
                "name": "24958",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24958"
              },
              {
                "name": "35261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3778",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3778"
            },
            {
              "name": "webinstafm-login-file-include(33793)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
            },
            {
              "name": "ADV-2007-1494",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1494"
            },
            {
              "name": "23592",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23592"
            },
            {
              "name": "24958",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24958"
            },
            {
              "name": "35261",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3778",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3778"
                },
                {
                  "name": "webinstafm-login-file-include(33793)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
                },
                {
                  "name": "ADV-2007-1494",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1494"
                },
                {
                  "name": "23592",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23592"
                },
                {
                  "name": "24958",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24958"
                },
                {
                  "name": "35261",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2181",
        "datePublished": "2007-04-24T17:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:50.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4217 (GCVE-0-2006-4217)

    Vulnerability from nvd – Published: 2006-08-17 23:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/21463 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "webinsta-modules-file-include(28557)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28557"
              },
              {
                "name": "21463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21463"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "webinsta-modules-file-include(28557)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28557"
            },
            {
              "name": "21463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21463"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "webinsta-modules-file-include(28557)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28557"
                },
                {
                  "name": "21463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21463"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4217",
        "datePublished": "2006-08-17T23:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4209 (GCVE-0-2006-4209)

    Vulnerability from nvd – Published: 2006-08-17 21:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19477",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19477"
              },
              {
                "name": "1404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1404"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_%28cabsolute_path%29_1.3e_RFI.htm"
              },
              {
                "name": "webinsta-install-file-include(28340)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
              },
              {
                "name": "2171",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2171"
              },
              {
                "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19477",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19477"
            },
            {
              "name": "1404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1404"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_%28cabsolute_path%29_1.3e_RFI.htm"
            },
            {
              "name": "webinsta-install-file-include(28340)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
            },
            {
              "name": "2171",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2171"
            },
            {
              "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19477",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19477"
                },
                {
                  "name": "1404",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1404"
                },
                {
                  "name": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm",
                  "refsource": "MISC",
                  "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm"
                },
                {
                  "name": "webinsta-install-file-include(28340)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
                },
                {
                  "name": "2171",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2171"
                },
                {
                  "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4209",
        "datePublished": "2006-08-17T21:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4196 (GCVE-0-2006-4196)

    Vulnerability from nvd – Published: 2006-08-17 21:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
              },
              {
                "name": "ADV-2006-3276",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3276"
              },
              {
                "name": "webinsta-index-file-include(28371)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
              },
              {
                "name": "19489",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19489"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://my.opera.com/atomo64/blog/show.dml/443167"
              },
              {
                "name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
              },
              {
                "name": "21463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21463"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
              },
              {
                "name": "2175",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2175"
              },
              {
                "name": "1400",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
            },
            {
              "name": "ADV-2006-3276",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3276"
            },
            {
              "name": "webinsta-index-file-include(28371)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
            },
            {
              "name": "19489",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19489"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://my.opera.com/atomo64/blog/show.dml/443167"
            },
            {
              "name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
            },
            {
              "name": "21463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21463"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
            },
            {
              "name": "2175",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2175"
            },
            {
              "name": "1400",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1400"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
                },
                {
                  "name": "ADV-2006-3276",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3276"
                },
                {
                  "name": "webinsta-index-file-include(28371)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
                },
                {
                  "name": "19489",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19489"
                },
                {
                  "name": "http://my.opera.com/atomo64/blog/show.dml/443167",
                  "refsource": "MISC",
                  "url": "http://my.opera.com/atomo64/blog/show.dml/443167"
                },
                {
                  "name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
                },
                {
                  "name": "21463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21463"
                },
                {
                  "name": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt",
                  "refsource": "MISC",
                  "url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
                },
                {
                  "name": "2175",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2175"
                },
                {
                  "name": "1400",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1400"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4196",
        "datePublished": "2006-08-17T21:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0748 (GCVE-0-2005-0748)

    Vulnerability from nvd – Published: 2005-03-13 05:00 – Updated: 2024-08-07 21:21
    VLAI
    Summary
    PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2005/0248 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1013409 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/14550 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/12773 vdb-entryx_refsource_BID
    Date Public
    2005-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:21:06.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "webinsta-initdb-file-include(19651)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
              },
              {
                "name": "ADV-2005-0248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0248"
              },
              {
                "name": "1013409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013409"
              },
              {
                "name": "14550",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14550"
              },
              {
                "name": "12773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12773"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "webinsta-initdb-file-include(19651)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
            },
            {
              "name": "ADV-2005-0248",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0248"
            },
            {
              "name": "1013409",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013409"
            },
            {
              "name": "14550",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14550"
            },
            {
              "name": "12773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12773"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "webinsta-initdb-file-include(19651)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
                },
                {
                  "name": "ADV-2005-0248",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0248"
                },
                {
                  "name": "1013409",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013409"
                },
                {
                  "name": "14550",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/14550"
                },
                {
                  "name": "12773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12773"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0748",
        "datePublished": "2005-03-13T05:00:00.000Z",
        "dateReserved": "2005-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:21:06.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3816 (GCVE-0-2011-3816)

    Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:03.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3816",
        "datePublished": "2011-09-24T00:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:34.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2181 (GCVE-0-2007-2181)

    Vulnerability from cvelistv5 – Published: 2007-04-24 17:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/3778 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/1494 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23592 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24958 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/35261 vdb-entryx_refsource_OSVDB
    Date Public
    2007-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:50.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3778",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3778"
              },
              {
                "name": "webinstafm-login-file-include(33793)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
              },
              {
                "name": "ADV-2007-1494",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1494"
              },
              {
                "name": "23592",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23592"
              },
              {
                "name": "24958",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24958"
              },
              {
                "name": "35261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35261"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3778",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3778"
            },
            {
              "name": "webinstafm-login-file-include(33793)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
            },
            {
              "name": "ADV-2007-1494",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1494"
            },
            {
              "name": "23592",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23592"
            },
            {
              "name": "24958",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24958"
            },
            {
              "name": "35261",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35261"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3778",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3778"
                },
                {
                  "name": "webinstafm-login-file-include(33793)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
                },
                {
                  "name": "ADV-2007-1494",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1494"
                },
                {
                  "name": "23592",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23592"
                },
                {
                  "name": "24958",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24958"
                },
                {
                  "name": "35261",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35261"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2181",
        "datePublished": "2007-04-24T17:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:50.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4217 (GCVE-0-2006-4217)

    Vulnerability from cvelistv5 – Published: 2006-08-17 23:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/21463 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "webinsta-modules-file-include(28557)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28557"
              },
              {
                "name": "21463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21463"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "webinsta-modules-file-include(28557)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28557"
            },
            {
              "name": "21463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21463"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "webinsta-modules-file-include(28557)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28557"
                },
                {
                  "name": "21463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21463"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4217",
        "datePublished": "2006-08-17T23:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4209 (GCVE-0-2006-4209)

    Vulnerability from cvelistv5 – Published: 2006-08-17 21:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19477",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19477"
              },
              {
                "name": "1404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1404"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_%28cabsolute_path%29_1.3e_RFI.htm"
              },
              {
                "name": "webinsta-install-file-include(28340)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
              },
              {
                "name": "2171",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2171"
              },
              {
                "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19477",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19477"
            },
            {
              "name": "1404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1404"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_%28cabsolute_path%29_1.3e_RFI.htm"
            },
            {
              "name": "webinsta-install-file-include(28340)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
            },
            {
              "name": "2171",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2171"
            },
            {
              "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19477",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19477"
                },
                {
                  "name": "1404",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1404"
                },
                {
                  "name": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm",
                  "refsource": "MISC",
                  "url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm"
                },
                {
                  "name": "webinsta-install-file-include(28340)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
                },
                {
                  "name": "2171",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2171"
                },
                {
                  "name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4209",
        "datePublished": "2006-08-17T21:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4196 (GCVE-0-2006-4196)

    Vulnerability from cvelistv5 – Published: 2006-08-17 21:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
              },
              {
                "name": "ADV-2006-3276",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3276"
              },
              {
                "name": "webinsta-index-file-include(28371)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
              },
              {
                "name": "19489",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19489"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://my.opera.com/atomo64/blog/show.dml/443167"
              },
              {
                "name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
              },
              {
                "name": "21463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21463"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
              },
              {
                "name": "2175",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2175"
              },
              {
                "name": "1400",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
            },
            {
              "name": "ADV-2006-3276",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3276"
            },
            {
              "name": "webinsta-index-file-include(28371)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
            },
            {
              "name": "19489",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19489"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://my.opera.com/atomo64/blog/show.dml/443167"
            },
            {
              "name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
            },
            {
              "name": "21463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21463"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
            },
            {
              "name": "2175",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2175"
            },
            {
              "name": "1400",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1400"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
                },
                {
                  "name": "ADV-2006-3276",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3276"
                },
                {
                  "name": "webinsta-index-file-include(28371)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
                },
                {
                  "name": "19489",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19489"
                },
                {
                  "name": "http://my.opera.com/atomo64/blog/show.dml/443167",
                  "refsource": "MISC",
                  "url": "http://my.opera.com/atomo64/blog/show.dml/443167"
                },
                {
                  "name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
                },
                {
                  "name": "21463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21463"
                },
                {
                  "name": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt",
                  "refsource": "MISC",
                  "url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
                },
                {
                  "name": "2175",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2175"
                },
                {
                  "name": "1400",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1400"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4196",
        "datePublished": "2006-08-17T21:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0748 (GCVE-0-2005-0748)

    Vulnerability from cvelistv5 – Published: 2005-03-13 05:00 – Updated: 2024-08-07 21:21
    VLAI
    Summary
    PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2005/0248 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1013409 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/14550 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/12773 vdb-entryx_refsource_BID
    Date Public
    2005-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:21:06.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "webinsta-initdb-file-include(19651)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
              },
              {
                "name": "ADV-2005-0248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0248"
              },
              {
                "name": "1013409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013409"
              },
              {
                "name": "14550",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14550"
              },
              {
                "name": "12773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12773"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "webinsta-initdb-file-include(19651)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
            },
            {
              "name": "ADV-2005-0248",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0248"
            },
            {
              "name": "1013409",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013409"
            },
            {
              "name": "14550",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14550"
            },
            {
              "name": "12773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12773"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "webinsta-initdb-file-include(19651)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
                },
                {
                  "name": "ADV-2005-0248",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0248"
                },
                {
                  "name": "1013409",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013409"
                },
                {
                  "name": "14550",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/14550"
                },
                {
                  "name": "12773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12773"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0748",
        "datePublished": "2005-03-13T05:00:00.000Z",
        "dateReserved": "2005-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:21:06.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }