CVE-2006-4063 - Remote Security vulnerability in Csaba Godor Sapid Blog Beta 2 Initial

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, csaba-godor, exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.

Vulnerable Configurations

Part         Description   Count
Application  Csaba_Godor   1

Exploit-Db

  • description: SAPID Shop <= 1.2 (root_path) Remote File Include Vulnerability. CVE-2006-4062, CVE-2006-4063. Webapps exploit for php platform
    file: exploits/php/webapps/2131.txt
    id: EDB-ID:2131
    last seen: 2016-01-31
    modified: 2006-08-07
    platform: php
    port: 80
    published: 2006-08-07
    reporter: Kacper
    source: https://www.exploit-db.com/download/2131/
    title: SAPID Shop <= 1.2 root_path Remote File Include Vulnerability
    type: webapps
  • description: SAPID Gallery <= 1.0 (root_path) Remote File Include Vulnerabilities. CVE-2006-4063, CVE-2006-4065. Webapps exploit for php platform
    file: exploits/php/webapps/2130.txt
    id: EDB-ID:2130
    last seen: 2016-01-31
    modified: 2006-08-07
    platform: php
    port: 80
    published: 2006-08-07
    reporter: Kacper
    source: https://www.exploit-db.com/download/2130/
    title: SAPID Gallery <= 1.0 root_path Remote File Include Vulnerabilities
    type: webapps
  • description: SAPID CMS <= 1.2.3.05 (root_path) Remote File Include Vulnerabilities. CVE-2006-4026, CVE-2006-4063. Webapps exploit for php platform
    file: exploits/php/webapps/2128.txt
    id: EDB-ID:2128
    last seen: 2016-01-31
    modified: 2006-08-07
    platform: php
    port:
    published: 2006-08-07
    reporter: Kacper
    source: https://www.exploit-db.com/download/2128/
    title: SAPID CMS <= 1.2.3.05 root_path Remote File Include Vulnerabilities
    type: webapps
  • id: EDB-ID:2129