Vulnerabilities > CVE-2006-4062 - Unspecified vulnerability in Dmitry Sheiko Sapid Shop
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN dmitry-sheiko
exploit available
Summary
PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SAPID Shop <= 1.2 (root_path) Remote File Include Vulnerability. CVE-2006-4062,CVE-2006-4063. Webapps exploit for php platform |
| file | exploits/php/webapps/2131.txt |
| id | EDB-ID:2131 |
| last seen | 2016-01-31 |
| modified | 2006-08-07 |
| platform | php |
| port | 80 |
| published | 2006-08-07 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2131/ |
| title | SAPID Shop <= 1.2 root_path Remote File Include Vulnerability |
| type | webapps |
References
- http://secunia.com/advisories/21414
- http://secunia.com/advisories/21414
- http://www.vupen.com/english/advisories/2006/3198
- http://www.vupen.com/english/advisories/2006/3198
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28255
- https://www.exploit-db.com/exploits/2131
- https://www.exploit-db.com/exploits/2131