Vulnerabilities > CVE-2006-1767 - Unspecified vulnerability in Nicecoder Indexu 5.0/5.0.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN nicecoder
exploit available
Summary
Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities. CVE-2006-0688,CVE-2006-1767,CVE-2006-7017. Webapps exploit for php platform id EDB-ID:1925 last seen 2016-01-31 modified 2006-06-18 published 2006-06-18 reporter CrAsh_oVeR_rIdE source https://www.exploit-db.com/download/1925/ title INDEXU <= 5.0.1 admin_template_path Remote Include Vulnerabilities description Indexu 5.0 Multiple Remote File Include Vulnerabilities. CVE-2006-1767. Webapps exploit for php platform id EDB-ID:27625 last seen 2016-02-03 modified 2006-04-11 published 2006-04-11 reporter SnIpEr_SA source https://www.exploit-db.com/download/27625/ title Indexu 5.0 - Multiple Remote File Include Vulnerabilities
References
- http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
- http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
- http://securitytracker.com/id?1015891
- http://securitytracker.com/id?1015891
- http://securitytracker.com/id?1016331
- http://securitytracker.com/id?1016331
- http://www.osvdb.org/24596
- http://www.osvdb.org/24596
- http://www.osvdb.org/24597
- http://www.osvdb.org/24597
- http://www.osvdb.org/28406
- http://www.osvdb.org/28406
- http://www.osvdb.org/28409
- http://www.osvdb.org/28409
- http://www.osvdb.org/28410
- http://www.osvdb.org/28410
- http://www.osvdb.org/28412
- http://www.osvdb.org/28412
- http://www.osvdb.org/28413
- http://www.osvdb.org/28413
- http://www.osvdb.org/28415
- http://www.osvdb.org/28415
- http://www.osvdb.org/28416
- http://www.osvdb.org/28416
- http://www.osvdb.org/28417
- http://www.osvdb.org/28417
- http://www.osvdb.org/28419
- http://www.osvdb.org/28419
- http://www.osvdb.org/28422
- http://www.osvdb.org/28422
- http://www.osvdb.org/28425
- http://www.osvdb.org/28425
- http://www.osvdb.org/28426
- http://www.osvdb.org/28426
- http://www.osvdb.org/28427
- http://www.osvdb.org/28427
- http://www.securityfocus.com/archive/1/430599/100/0/threaded
- http://www.securityfocus.com/archive/1/430599/100/0/threaded
- http://www.securityfocus.com/bid/17470
- http://www.securityfocus.com/bid/17470