Vulnerabilities > CVE-2006-4458 - Unspecified vulnerability in PHPgroupware 0.9.16.010
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpgroupware
exploit available
Summary
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpGroupWare <= 0.9.16.010 GLOBALS[] Remote Code Execution Exploit. CVE-2006-4458. Webapps exploit for php platform |
| file | exploits/php/webapps/2270.php |
| id | EDB-ID:2270 |
| last seen | 2016-01-31 |
| modified | 2006-08-29 |
| platform | php |
| port | |
| published | 2006-08-29 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2270/ |
| title | phpGroupWare <= 0.9.16.010 - GLOBALS Remote Code Execution Exploit |
| type | webapps |
References
- http://secunia.com/advisories/21687
- http://secunia.com/advisories/21687
- http://www.securityfocus.com/bid/19751
- http://www.securityfocus.com/bid/19751
- http://www.vupen.com/english/advisories/2006/3414
- http://www.vupen.com/english/advisories/2006/3414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28627
- https://www.exploit-db.com/exploits/2270
- https://www.exploit-db.com/exploits/2270