CVE-2006-2005 - Remote Code Execution vulnerability in Clansys 1.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Clansys. CVE-2006-2005. Webapps exploit for php platform |
id | EDB-ID:1710 |
last seen | 2016-01-31 |
modified | 2006-04-23 |
published | 2006-04-23 |
reporter | nukedx |
source | https://www.exploit-db.com/download/1710/ |
title | Clansys <= 1.1 index.php page PHP Code Insertion Vulnerability |
References
- http://securityreason.com/securityalert/782
- http://securitytracker.com/id?1015988
- http://www.nukedx.com/?getxpl=29
- http://www.osvdb.org/25083
- http://www.securityfocus.com/archive/1/431873/100/0/threaded
- http://www.securityfocus.com/bid/17660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25976