Vulnerabilities > CVE-2006-4638 - Remote File Include vulnerability in ACGV News PathNews Parameter

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
acgv-news
exploit available

Summary

PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part Description Count
Application
Acgv_News
1

Exploit-Db

descriptionACGV News <= 0.9.1 (PathNews) Remote File Inclusion Vulnerability. CVE-2006-4638. Webapps exploit for php platform
fileexploits/php/webapps/2307.txt
idEDB-ID:2307
last seen2016-01-31
modified2006-09-05
platformphp
port
published2006-09-05
reporterSHiKaA
sourcehttps://www.exploit-db.com/download/2307/
titleACGV News <= 0.9.1 PathNews Remote File Inclusion Vulnerability
typewebapps