Vulnerabilities > CVE-2006-3997 - Remote File Include vulnerability in Wowroster 1.5/1.5.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
wowroster
exploit available
NVD
Published: 2006-08-05
Updated: 2018-10-17

Summary

PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.

Vulnerable Configurations

Part Description Count
Application
Wowroster
2

Exploit-Db

descriptionWoW Roster 1.5 hsList.php subdir Parameter Remote File Inclusion. CVE-2006-3997. Webapps exploit for php platform
idEDB-ID:28317
last seen2016-02-03
modified2006-08-01
published2006-08-01
reporterskulmatic
sourcehttps://www.exploit-db.com/download/28317/
titleWoW Roster 1.5 hsList.php subdir Parameter Remote File Inclusion

References