Vulnerabilities > CVE-2006-4004 - Local File inclusion vulnerability in VBPortal BBVBPLang Parameter

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
vbportal
exploit available
NVD
Published: 2006-08-07
Updated: 2017-10-19

Summary

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Vulnerable Configurations

Part Description Count
Application
Vbportal
5

Exploit-Db

descriptionvbPortal 3.0.2. CVE-2006-4004. Webapps exploit for php platform
fileexploits/php/webapps/2087.php
idEDB-ID:2087
last seen2016-01-31
modified2006-07-29
platformphp
port
published2006-07-29
reporterR00t[ATI]
sourcehttps://www.exploit-db.com/download/2087/
titlevbPortal 3.0.2 <= 3.6.0 b1 - cookie Remote Code Excution Exploit
typewebapps

References