Vulnerabilities > CVE-2006-4448 - Remote File Include vulnerability in Interact Learning Community Environment Interact 2.2

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
interact-learning-community-environment
exploit available
NVD
Published: 2006-08-30
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.

Vulnerable Configurations

Part Description Count
Application
Interact_Learning_Community_Environment
1

Exploit-Db

descriptioninteract <= 2.2 (CONFIG[BASE_PATH]) Remote File Include Vulnerability. CVE-2006-4448. Webapps exploit for php platform
fileexploits/php/webapps/2218.txt
idEDB-ID:2218
last seen2016-01-31
modified2006-08-19
platformphp
port
published2006-08-19
reporterKacper
sourcehttps://www.exploit-db.com/download/2218/
titleinteract <= 2.2 - CONFIGBASE_PATH Remote File Include Vulnerability
typewebapps

References