Vulnerabilities > CVE-2006-4115 - Remote File Include vulnerability in E-Zest Solutions Pgmarket 2.2.3

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
e-zest-solutions
exploit available

Summary

PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part Description Count
Application
E-Zest_Solutions
1

Exploit-Db

descriptionPgMarket <= 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerability. CVE-2006-4115. Webapps exploit for php platform
idEDB-ID:2154
last seen2016-01-31
modified2006-08-09
published2006-08-09
reporterMehmet Ince
sourcehttps://www.exploit-db.com/download/2154/
titlePgMarket <= 2.2.3 - CFGlibdir Remote File Inclusion Vulnerability