Vulnerabilities > CVE-2006-4277 - Remote File Include vulnerability in Tutti Nova

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
tutti-nova
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Tutti_Nova
1

Exploit-Db

descriptionTutti Nova <= 1.6 (TNLIB_DIR) Remote File Include Vulnerability. CVE-2006-4276,CVE-2006-4277. Webapps exploit for php platform
fileexploits/php/webapps/2220.txt
idEDB-ID:2220
last seen2016-01-31
modified2006-08-19
platformphp
port
published2006-08-19
reporterSHiKaA
sourcehttps://www.exploit-db.com/download/2220/
titleTutti Nova <= 1.6 TNLIB_DIR Remote File Include Vulnerability
typewebapps