Vulnerabilities > CVE-2006-4489 - Unspecified vulnerability in Ultrize Minibill
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ultrize
exploit available
Summary
Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | MiniBill <= 1.22b config[plugin_dir] Remote File Inclusion Vulnerabilities. CVE-2006-4489. Webapps exploit for php platform |
| file | exploits/php/webapps/2272.txt |
| id | EDB-ID:2272 |
| last seen | 2016-01-31 |
| modified | 2006-08-29 |
| platform | php |
| port | |
| published | 2006-08-29 |
| reporter | the master |
| source | https://www.exploit-db.com/download/2272/ |
| title | MiniBill <= 1.22b - configplugin_dir Remote File Inclusion Vulnerabilities |
| type | webapps |
References
- http://secunia.com/advisories/21688
- http://secunia.com/advisories/21688
- http://securitytracker.com/id?1016769
- http://securitytracker.com/id?1016769
- http://www.attrition.org/pipermail/vim/2006-November/001115.html
- http://www.attrition.org/pipermail/vim/2006-November/001115.html
- http://www.osvdb.org/28258
- http://www.osvdb.org/28258
- http://www.osvdb.org/28259
- http://www.osvdb.org/28259
- http://www.securityfocus.com/bid/19568
- http://www.securityfocus.com/bid/19568
- http://www.ultrize.com/minibill/index.php
- http://www.ultrize.com/minibill/index.php
- http://www.ultrize.com/minibill/index.php?page=changelog
- http://www.ultrize.com/minibill/index.php?page=changelog
- http://www.vupen.com/english/advisories/2006/3413
- http://www.vupen.com/english/advisories/2006/3413
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28625
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28625
- https://www.exploit-db.com/exploits/2272
- https://www.exploit-db.com/exploits/2272