Vulnerabilities > CVE-2006-4055 - Remote File Include vulnerability in TSEP Colorswitch.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
Exploit-Db
description TSEP <= 0.942 (copyright.php) Remote Inclusion Vulnerability. CVE-2006-3993,CVE-2006-4055,CVE-2006-4085. Webapps exploit for php platform file exploits/php/webapps/2098.txt id EDB-ID:2098 last seen 2016-01-31 modified 2006-08-01 platform php port published 2006-08-01 reporter Philipp Niedziela source https://www.exploit-db.com/download/2098/ title TSEP <= 0.942 copyright.php Remote Inclusion Vulnerability type webapps description TSEP <= 0.942 (colorswitch.php) Remote Inclusion Vulnerability. CVE-2006-4055. Webapps exploit for php platform file exploits/php/webapps/2116.txt id EDB-ID:2116 last seen 2016-01-31 modified 2006-08-02 platform php port published 2006-08-02 reporter beford source https://www.exploit-db.com/download/2116/ title TSEP <= 0.942 colorswitch.php Remote Inclusion Vulnerability type webapps
References
- http://secunia.com/advisories/21291
- http://securityreason.com/securityalert/1354
- http://sourceforge.net/forum/forum.php?forum_id=597790
- http://sourceforge.net/forum/forum.php?thread_id=1546639&forum_id=369628
- http://www.securityfocus.com/archive/1/442098/100/0/threaded
- http://www.securityfocus.com/bid/19326
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28107
- https://www.exploit-db.com/exploits/2116