Vulnerabilities > CVE-2006-2811 - Remote File Include vulnerability in Cantico Ovidentia 5.8.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description ovidentia 5.6.x/5.8 vacadmb.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27950 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27950/ title ovidentia 5.6.x/5.8 vacadmb.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 vacadma.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27951 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27951/ title ovidentia 5.6.x/5.8 vacadma.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 search.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27954 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27954/ title ovidentia 5.6.x/5.8 - search.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 options.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27956 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27956/ title ovidentia 5.6.x/5.8 options.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 posts.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27955 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27955/ title ovidentia 5.6.x/5.8 posts.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 vacadm.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27952 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27952/ title ovidentia 5.6.x/5.8 vacadm.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 statart.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27953 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27953/ title ovidentia 5.6.x/5.8 statart.php babInstallPath Parameter Remote File Inclusion description ovidentia 5.6.x/5.8 approb.php babInstallPath Parameter Remote File Inclusion. CVE-2006-2811. Webapps exploit for php platform id EDB-ID:27949 last seen 2016-02-03 modified 2006-06-02 published 2006-06-02 reporter black-cod3 source https://www.exploit-db.com/download/27949/ title ovidentia 5.6.x/5.8 approb.php babInstallPath Parameter Remote File Inclusion
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 18232 CVE(CAN) ID: CVE-2006-2811 Ovidentia是一种基于Web的远程协作及内容管理工具。 Ovidentia处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 Ovidentia的多个脚本没有正确验证babInstallPath参数的输入,允许攻击者通过包含本地或外部资源的任意文件导致执行任意代码。 Ovidentia Ovidentia 5.8 Ovidentia --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.ovidentia.org/ target=_blank>http://www.ovidentia.org/</a> |
| id | SSV:2689 |
| last seen | 2017-11-19 |
| modified | 2007-12-26 |
| published | 2007-12-26 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-2689 |
| title | Ovidentia多个脚本远程文件包含漏洞 |
References
- http://securityreason.com/securityalert/1033
- http://www.osvdb.org/27209
- http://www.osvdb.org/27211
- http://www.osvdb.org/27212
- http://www.osvdb.org/27213
- http://www.osvdb.org/27214
- http://www.osvdb.org/27215
- http://www.osvdb.org/27216
- http://www.osvdb.org/27217
- http://www.osvdb.org/27218
- http://www.osvdb.org/27219
- http://www.osvdb.org/27220
- http://www.osvdb.org/27221
- http://www.osvdb.org/27222
- http://www.osvdb.org/27223
- http://www.osvdb.org/27224
- http://www.osvdb.org/27225
- http://www.osvdb.org/27226
- http://www.osvdb.org/27227
- http://www.osvdb.org/27228
- http://www.osvdb.org/27229
- http://www.securityfocus.com/archive/1/435590/100/0/threaded
- http://www.securityfocus.com/archive/1/456893/100/200/threaded
- http://www.securityfocus.com/archive/1/459572/100/0/threaded
- http://www.securityfocus.com/bid/18232
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26981