Vulnerabilities > CVE-2006-3421 - Unspecified vulnerability in Smartsitecms
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN smartsitecms
exploit available
Summary
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities. CVE-2006-3421. Webapps exploit for php platform id EDB-ID:1974 last seen 2016-01-31 modified 2006-07-01 published 2006-07-01 reporter CrAsh_oVeR_rIdE source https://www.exploit-db.com/download/1974/ title SmartSiteCMS 1.0 root Multiple Remote File Inclusion Vulnerabilities description SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability. CVE-2006-3162,CVE-2006-3421. Webapps exploit for php platform file exploits/php/webapps/1936.txt id EDB-ID:1936 last seen 2016-01-31 modified 2006-06-20 platform php port published 2006-06-20 reporter Archit3ct source https://www.exploit-db.com/download/1936/ title SmartSiteCMS 1.0 root Remote File Inclusion Vulnerability type webapps
References
- http://www.osvdb.org/26748
- http://www.osvdb.org/26749
- http://www.osvdb.org/26750
- http://www.osvdb.org/26751
- http://securitytracker.com/id?1016411
- http://www.securityfocus.com/bid/18697
- http://www.osvdb.org/26752
- http://securityreason.com/securityalert/1198
- http://www.securityfocus.com/archive/1/438581/100/100/threaded