Vulnerabilities > CVE-2006-0687 - Remote File Include vulnerability in Docmgr 0.54.2

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
docmgr
exploit available
NVD
Published: 2006-02-15
Updated: 2018-10-19

Summary

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.

Vulnerable Configurations

Part Description Count
Application
Docmgr
1

Exploit-Db

descriptionDocMGR <= 0.54.2 (file_exists) Remote Commands Execution Exploit. CVE-2006-0687. Webapps exploit for php platform
idEDB-ID:1491
last seen2016-01-31
modified2006-02-11
published2006-02-11
reporterrgod
sourcehttps://www.exploit-db.com/download/1491/
titleDocMGR <= 0.54.2 file_exists Remote Commands Execution Exploit

References