Detections
Analytics

CVE-2006-1819

critical

Description

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

References

https://www.exploit-db.com/exploits/1673

https://exchange.xforce.ibmcloud.com/vulnerabilities/25867

http://www.vupen.com/english/advisories/2006/1361

http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml

http://securitytracker.com/id?1015942

http://secunia.com/advisories/19914

http://secunia.com/advisories/19647

http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc

Details

Source: Mitre, NVD

Published: 2006-04-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical