Vulnerabilities > CVE-2006-1022 - Remote PHP Script Code Injection vulnerability in Pehepe Membership Management System 3.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
pehepe
exploit available

Summary

PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE. This vulnerability affects PeHePe, Membership Management System (a.k.a Uyelik Sistemi) versions 3.0 and previous.

Vulnerable Configurations

Part Description Count
Application
Pehepe
1

Exploit-Db

descriptionPEHEPE Membership Management System v3 Remote PHP Script Code Injection Vulnerability. CVE-2006-1022. Webapps exploit for php platform
idEDB-ID:27339
last seen2016-02-03
modified2006-02-28
published2006-02-28
reporterYunus Emre Yilmaz
sourcehttps://www.exploit-db.com/download/27339/
titlePEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection Vulnerability