Vulnerabilities > CVE-2006-0164 - Remote File Include vulnerability in Phgstats Phgstats.Inc.PHP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

woah-projekt

NVD

Published: 2006-01-11

Updated: 2017-07-20

Summary

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.

Vulnerable Configurations

Part	Description	Count
Application	Woah-Projekt Woah Projekt Phgstats 0.1 Woah Projekt Phgstats 0.2 Woah Projekt Phgstats 0.3 Woah Projekt Phgstats 0.3.1 Woah Projekt Phgstats 0.4 Woah Projekt Phgstats 0.4.1 Woah Projekt Phgstats 0.4.2 Woah Projekt Phgstats 0.5	8

References

http://secunia.com/advisories/18346
http://sourceforge.net/project/shownotes.php?release_id=384232
http://www.osvdb.org/22302
http://www.securityfocus.com/bid/17469
http://www.vupen.com/english/advisories/2006/0123
https://exchange.xforce.ibmcloud.com/vulnerabilities/24062