Vulnerabilities > CVE-2006-3387 - Unspecified vulnerability in Fusionphp Fusion News 1.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN fusionphp
exploit available
Summary
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Fusion News v.1.0 (fil_config) Remote File Inclusion Exploit. CVE-2006-3387. Webapps exploit for php platform |
| file | exploits/php/webapps/1812.pl |
| id | EDB-ID:1812 |
| last seen | 2016-01-31 |
| modified | 2006-05-21 |
| platform | php |
| port | |
| published | 2006-05-21 |
| reporter | X0r_1 |
| source | https://www.exploit-db.com/download/1812/ |
| title | Fusion News 1.0 fil_config - Remote File Inclusion RFI |
| type | webapps |