Vulnerabilities > CVE-2006-4448 - Unspecified vulnerability in Interact Learning Community Environment Interact 2.2

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
interact-learning-community-environment
exploit available
NVD
Published: 2006-08-30
Updated: 2024-11-21

Summary

Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.

Vulnerable Configurations

Part Description Count
Application
Interact_Learning_Community_Environment
1

Exploit-Db

descriptioninteract <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability. CVE-2006-4448. Webapps exploit for php platform
fileexploits/php/webapps/2218.txt
idEDB-ID:2218
last seen2016-01-31
modified2006-08-19
platformphp
port
published2006-08-19
reporterKacper
sourcehttps://www.exploit-db.com/download/2218/
titleinteract <= 2.2 - CONFIGBASE_PATH Remote File Include Vulnerability
typewebapps

References