CVE-2006-4656 - Remote File Include vulnerability in Web-Provence SL_Site Spaw_control.class.PHP
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: SL_Site <= 1.0 (spaw_root) Remote File Include Vulnerability. CVE-2006-4656,CVE-2006-5291. Webapps exploit for php platform
- file: exploits/php/webapps/2317.txt
- id: EDB-ID:2317
- last seen: 2016-01-31
- modified: 2006-09-07
- platform: php
- port:
- published: 2006-09-07
- reporter: Kw3[R]Ln
- source: https://www.exploit-db.com/download/2317/
- title: SL_Site <= 1.0 spaw_root Remote File Include Vulnerability
- type: webapps

- description: Download-Engine <= 1.4.2 (spaw) Remote File Include Vulnerability. CVE-2006-4656,CVE-2006-5291. Webapps exploit for php platform
- file: exploits/php/webapps/2521.txt
- id: EDB-ID:2521
- last seen: 2016-01-31
- modified: 2006-10-12
- platform: php
- port:
- published: 2006-10-12
- reporter: v1per-haCker
- source: https://www.exploit-db.com/download/2521/
- title: Download-Engine <= 1.4.2 spaw Remote File Include Vulnerability
- type: webapps
References
- http://securityreason.com/securityalert/1522
- http://securitytracker.com/id?1016814
- http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup
- http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20
- http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26
- http://www.securityfocus.com/archive/1/445520/100/0/threaded
- http://www.securityfocus.com/bid/19892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28783
- https://www.exploit-db.com/exploits/2317