Vulnerabilities > CVE-2006-4423 - Remote File Include vulnerability in Bigace 1.8.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bigace
exploit available
NVD
Published: 2006-08-29
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.

Vulnerable Configurations

Part Description Count
Application
Bigace
1

Exploit-Db

  • descriptionBigACE 1.8.2 download.cmd.php GLOBALS Parameter Remote File Inclusion. CVE-2006-4423. Webapps exploit for php platform
    idEDB-ID:28434
    last seen2016-02-03
    modified2006-08-26
    published2006-08-26
    reporterVampire
    sourcehttps://www.exploit-db.com/download/28434/
    titleBigACE 1.8.2 download.cmd.php GLOBALS Parameter Remote File Inclusion
  • descriptionBigACE 1.8.2 upload_form.php GLOBALS Parameter Remote File Inclusion. CVE-2006-4423 . Webapps exploit for php platform
    idEDB-ID:28433
    last seen2016-02-03
    modified2006-08-26
    published2006-08-26
    reporterVampire
    sourcehttps://www.exploit-db.com/download/28433/
    titleBigACE 1.8.2 upload_form.php GLOBALS Parameter Remote File Inclusion
  • descriptionBigACE 1.8.2 item_main.php GLOBALS Parameter Remote File Inclusion. CVE-2006-4423. Webapps exploit for php platform
    idEDB-ID:28432
    last seen2016-02-03
    modified2006-08-26
    published2006-08-26
    reporterVampire
    sourcehttps://www.exploit-db.com/download/28432/
    titleBigACE 1.8.2 item_main.php GLOBALS Parameter Remote File Inclusion
  • descriptionBigACE 1.8.2 admin.cmd.php GLOBALS Parameter Remote File Inclusion. CVE-2006-4423 . Webapps exploit for php platform
    idEDB-ID:28435
    last seen2016-02-03
    modified2006-08-26
    published2006-08-26
    reporterVampire
    sourcehttps://www.exploit-db.com/download/28435/
    titleBigACE 1.8.2 admin.cmd.php GLOBALS Parameter Remote File Inclusion

References