Vulnerabilities > CVE-2006-3537 - Remote File Include vulnerability in Randshop 0.9.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

randshop

NVD

Published: 2006-07-12

Updated: 2018-10-18

Summary

PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375. This vulnerability is addressed in the following product release: Randshop, Randshop, 1.2

Vulnerable Configurations

Part	Description	Count
Application	Randshop Randshop Randshop 0.9.3 Randshop Randshop *	2

References

http://securityreason.com/securityalert/1213
http://www.securityfocus.com/archive/1/439750/100/0/threaded
http://www.securityfocus.com/bid/18865
http://www.vupen.com/english/advisories/2006/2740
https://exchange.xforce.ibmcloud.com/vulnerabilities/27540
https://exchange.xforce.ibmcloud.com/vulnerabilities/27541