Vulnerabilities > CVE-2006-4065 - Unspecified vulnerability in Dmitry Sheiko Sapid Gallery
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN dmitry-sheiko
exploit available
Summary
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SAPID Gallery <= 1.0 (root_path) Remote File Include Vulnerabilities. CVE-2006-4063,CVE-2006-4065. Webapps exploit for php platform |
| file | exploits/php/webapps/2130.txt |
| id | EDB-ID:2130 |
| last seen | 2016-01-31 |
| modified | 2006-08-07 |
| platform | php |
| port | 80 |
| published | 2006-08-07 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2130/ |
| title | SAPID Gallery <= 1.0 root_path Remote File Include Vulnerabilities |
| type | webapps |
References
- http://secunia.com/advisories/21413
- http://secunia.com/advisories/21413
- http://www.vupen.com/english/advisories/2006/3197
- http://www.vupen.com/english/advisories/2006/3197
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28254
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28254
- https://www.exploit-db.com/exploits/2130
- https://www.exploit-db.com/exploits/2130