Vulnerabilities > CVE-2006-4545 - Unspecified vulnerability in Modulebased CMS Modulebased CMS Prealpha

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
modulebased-cms
exploit available
NVD
Published: 2006-09-06
Updated: 2024-04-11

Summary

PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker

Vulnerable Configurations

Part Description Count
Application
Modulebased_Cms
1

Exploit-Db

descriptionModuleBased CMS Multiple Remote File Include Vulnerabilities. CVE-2006-4545. Webapps exploit for php platform
idEDB-ID:28440
last seen2016-02-03
modified2006-08-29
published2006-08-29
reportersCORPINo
sourcehttps://www.exploit-db.com/download/28440/
titleModuleBased CMS - Multiple Remote File Include Vulnerabilities

References