Vulnerabilities > CVE-2006-2877 - Remote File Include vulnerability in Sangwan KIM Bookmark4U 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Bookmark4U 2.0 inc/config.php env[include_prefix] Parameter Remote File Inclusion. CVE-2006-2877. Webapps exploit for php platform id EDB-ID:27974 last seen 2016-02-03 modified 2006-06-05 published 2006-06-05 reporter SnIpEr_SA source https://www.exploit-db.com/download/27974/ title Bookmark4U 2.0 - inc/config.php envinclude_prefix Parameter Remote File Inclusion description Bookmark4U 2.0 inc/dbase.php env[include_prefix] Parameter Remote File Inclusion. CVE-2006-2877. Webapps exploit for php platform id EDB-ID:27973 last seen 2016-02-03 modified 2006-06-05 published 2006-06-05 reporter SnIpEr_SA source https://www.exploit-db.com/download/27973/ title Bookmark4U 2.0 - inc/dbase.php envinclude_prefix Parameter Remote File Inclusion description Bookmark4U 2.0 inc/function.php env[include_prefix] Parameter Remote File Inclusion. CVE-2006-2877. Webapps exploit for php platform id EDB-ID:27976 last seen 2016-02-03 modified 2006-06-05 published 2006-06-05 reporter SnIpEr_SA source https://www.exploit-db.com/download/27976/ title Bookmark4U 2.0 - inc/function.php envinclude_prefix Parameter Remote File Inclusion description Bookmark4U 2.0 inc/common.php env[include_prefix] Parameter Remote File Inclusion. CVE-2006-2877 . Webapps exploit for php platform id EDB-ID:27975 last seen 2016-02-03 modified 2006-06-05 published 2006-06-05 reporter SnIpEr_SA source https://www.exploit-db.com/download/27975/ title Bookmark4U 2.0 - inc/common.php envinclude_prefix Parameter Remote File Inclusion
References
- http://secunia.com/advisories/19758
- http://securityreason.com/securityalert/1058
- http://securitytracker.com/id?1016224
- http://www.osvdb.org/26599
- http://www.osvdb.org/26600
- http://www.osvdb.org/26601
- http://www.osvdb.org/26602
- http://www.securityfocus.com/archive/1/435964/100/0/threaded
- http://www.securityfocus.com/archive/1/436027/100/0/threaded
- http://www.securityfocus.com/bid/18281
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26933