Vulnerabilities > CVE-2006-4329 - Remote File Include vulnerability in Shadows Rising RPG

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
shadows-rising-rpg
exploit available
NVD
Published: 2006-08-24
Updated: 2017-10-19

Summary

Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php.

Vulnerable Configurations

Part Description Count
Application
Shadows_Rising_Rpg
1

Exploit-Db

descriptionShadows Rising RPG <= 0.0.5b Remote File Include Vulnerabilities. CVE-2006-4329. Webapps exploit for php platform
fileexploits/php/webapps/2229.txt
idEDB-ID:2229
last seen2016-01-31
modified2006-08-20
platformphp
port
published2006-08-20
reporterKacper
sourcehttps://www.exploit-db.com/download/2229/
titleShadows Rising RPG <= 0.0.5b Remote File Include Vulnerabilities
typewebapps

References