Vulnerabilities > CVE-2006-1200 - Remote PHP Script Code Injection vulnerability in Link Bank
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |