Vulnerabilities > CVE-2006-3116 - Remote File Include vulnerability in PHPRaid PHPRAID_DIR Parameter
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0824.html
- http://secunia.com/advisories/20200
- http://secunia.com/secunia_research/2006-47/advisory/
- http://www.osvdb.org/26891
- http://www.osvdb.org/26892
- http://www.osvdb.org/26893
- http://www.osvdb.org/26894
- http://www.osvdb.org/26895
- http://www.osvdb.org/26896
- http://www.osvdb.org/26897
- http://www.osvdb.org/26898
- http://www.osvdb.org/26899
- http://www.osvdb.org/26900
- http://www.osvdb.org/26901
- http://www.osvdb.org/26902
- http://www.securityfocus.com/bid/18719
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27465