Vulnerabilities > CVE-2006-2747 - Local File Include vulnerability in PHPMyDesktop Arcade
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo. Successful exploitation requires that "magic_quotes_gpc" is disabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PHPMyDesktop|arcade 1.0 Index.PHP Local File Include Vulnerability. CVE-2006-2747. Webapps exploit for php platform |
| id | EDB-ID:27926 |
| last seen | 2016-02-03 |
| modified | 2006-05-31 |
| published | 2006-05-31 |
| reporter | darkgod |
| source | https://www.exploit-db.com/download/27926/ |
| title | PHPMyDesktop/Arcade 1.0 - Index.PHP Local File Include Vulnerability |
References
- http://secunia.com/advisories/20373
- http://securityreason.com/securityalert/1009
- http://securitytracker.com/id?1016180
- http://www.securityfocus.com/archive/1/435365/100/0/threaded
- http://www.securityfocus.com/bid/18185
- http://www.vupen.com/english/advisories/2006/2065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26724