Vulnerabilities > CVE-2006-3987 - Remote File Include vulnerability in Knusperleicht FileManager DWL_Download
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters. Successful exploitation requires that "register_globals" is enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | k_fileManager <= 1.2 (dwl_include_path) Remote Inclusion Vulnerability. CVE-2006-3987. Webapps exploit for php platform |
| file | exploits/php/webapps/2104.txt |
| id | EDB-ID:2104 |
| last seen | 2016-01-31 |
| modified | 2006-08-01 |
| platform | php |
| port | |
| published | 2006-08-01 |
| reporter | SHiKaA |
| source | https://www.exploit-db.com/download/2104/ |
| title | k_fileManager <= 1.2 dwl_include_path Remote Inclusion Vulnerability |
| type | webapps |
References
- http://secunia.com/advisories/21294
- http://securityreason.com/securityalert/1327
- http://www.securityfocus.com/archive/1/441813/100/0/threaded
- http://www.securityfocus.com/bid/19270
- http://www.vupen.com/english/advisories/2006/3089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28128
- https://www.exploit-db.com/exploits/2104