Vulnerabilities > CVE-2006-2863 - Remote File Include vulnerability in CS-Cart Class.cs_phpmailer.PHP

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

cs-cart

exploit available

NVD

Published: 2006-06-06

Updated: 2017-10-19

Summary

PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part	Description	Count
Application	Cs-Cart CS Cart CS Cart 1.3.0 CS Cart CS Cart .1.3.0 CS Cart CS Cart .1.3.2 CS Cart CS Cart .1.3.3 CS Cart CS Cart .1.3.4 CS Cart CS Cart 1.3.2 CS Cart CS Cart 1.3.3	7

Exploit-Db

description	CS-Cart. CVE-2006-2863. Webapps exploit for php platform
file	exploits/php/webapps/1872.txt
id	EDB-ID:1872
last seen	2016-01-31
modified	2006-06-03
platform	php
port
published	2006-06-03
reporter	Kacper
source	https://www.exploit-db.com/download/1872/
title	CS-Cart <= 1.3.3 - classes_dir Remote File Include Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References