Vulnerabilities > CVE-2006-3421 - Remote File Include vulnerability in SmartSiteCMS
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities. CVE-2006-3421. Webapps exploit for php platform id EDB-ID:1974 last seen 2016-01-31 modified 2006-07-01 published 2006-07-01 reporter CrAsh_oVeR_rIdE source https://www.exploit-db.com/download/1974/ title SmartSiteCMS 1.0 root Multiple Remote File Inclusion Vulnerabilities description SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability. CVE-2006-3162,CVE-2006-3421. Webapps exploit for php platform file exploits/php/webapps/1936.txt id EDB-ID:1936 last seen 2016-01-31 modified 2006-06-20 platform php port published 2006-06-20 reporter Archit3ct source https://www.exploit-db.com/download/1936/ title SmartSiteCMS 1.0 root Remote File Inclusion Vulnerability type webapps
References
- http://securityreason.com/securityalert/1198
- http://securitytracker.com/id?1016411
- http://www.osvdb.org/26748
- http://www.osvdb.org/26749
- http://www.osvdb.org/26750
- http://www.osvdb.org/26751
- http://www.osvdb.org/26752
- http://www.securityfocus.com/archive/1/438581/100/100/threaded
- http://www.securityfocus.com/bid/18697