Vulnerabilities > CVE-2006-4531 - Remote File Include vulnerability in Pheap Config.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bare-concept-media
exploit available

Summary

PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. The vendor has released version 1.3 to address this issue.

Vulnerable Configurations

Part Description Count
Application
Bare_Concept_Media
1

Exploit-Db

descriptionPheap CMS <= 1.1 (lpref) Remote File Include Exploit. CVE-2006-4531. Webapps exploit for php platform
fileexploits/php/webapps/2281.pl
idEDB-ID:2281
last seen2016-01-31
modified2006-08-31
platformphp
port
published2006-08-31
reporterKacper
sourcehttps://www.exploit-db.com/download/2281/
titlePheap CMS <= 1.1 lpref Remote File Include Exploit
typewebapps