Vulnerabilities > CVE-2006-0687 - Remote File Include vulnerability in Docmgr 0.54.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | DocMGR <= 0.54.2 (file_exists) Remote Commands Execution Exploit. CVE-2006-0687. Webapps exploit for php platform |
id | EDB-ID:1491 |
last seen | 2016-01-31 |
modified | 2006-02-11 |
published | 2006-02-11 |
reporter | rgod |
source | https://www.exploit-db.com/download/1491/ |
title | DocMGR <= 0.54.2 file_exists Remote Commands Execution Exploit |
References
- http://retrogod.altervista.org/docmgr_0542_incl_xpl.html
- http://secunia.com/advisories/18803
- http://securityreason.com/securityalert/428
- http://www.securityfocus.com/archive/1/424818/100/0/threaded
- http://www.securityfocus.com/bid/16601
- http://www.vupen.com/english/advisories/2006/0544
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24694