Vulnerabilities > CVE-2006-2528 - Remote File Include vulnerability in Smartisoft PHPbazar 2.1.0

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
smartisoft
exploit available
NVD
Published: 2006-05-22
Updated: 2017-07-20

Summary

PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.

Vulnerable Configurations

Part Description Count
Application
Smartisoft
1

Exploit-Db

descriptionphpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities. CVE-2006-2527,CVE-2006-2528. Webapps exploit for php platform
idEDB-ID:1804
last seen2016-01-31
modified2006-05-19
published2006-05-19
reporter[Oo]
sourcehttps://www.exploit-db.com/download/1804/
titlephpBazar <= 2.1.0 - Remote Include/Auth Bypass Vulnerabilities

References