Vulnerabilities > CVE-2006-3517 - Remote File Include vulnerability in RW::Download Stats.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
rwscripts-com
exploit available

Summary

PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

Vulnerable Configurations

Part Description Count
Application
Rwscripts.Com
1

Exploit-Db

descriptionRW::Download Stats.PHP Remote File Include Vulnerability. CVE-2006-3517. Webapps exploit for php platform
idEDB-ID:28195
last seen2016-02-03
modified2006-07-08
published2006-07-08
reporterStorMBoY
sourcehttps://www.exploit-db.com/download/28195/
titleRW::Download Stats.PHP Remote File Include Vulnerability