CVE-2006-4721 - Unspecified vulnerability in Ccleague PRO Sports CMS 1.0.1Rc1
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
ccleague
exploit available
Summary
Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | CCleague Pro <= 1.0.1RC1 (Cookie) Remote Code Execution Exploit. CVE-2006-4721. Webapps exploit for php platform |
file | exploits/php/webapps/2333.php |
id | EDB-ID:2333 |
last seen | 2016-01-31 |
modified | 2006-09-08 |
platform | php |
port | |
published | 2006-09-08 |
reporter | Kacper |
source | https://www.exploit-db.com/download/2333/ |
title | CCleague Pro <= 1.0.1RC1 Cookie Remote Code Execution Exploit |
type | webapps |
References
- http://secunia.com/advisories/21843
- http://sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt
- http://unkn0wn.awardspace.com/Blog/?p=46
- http://www.securityfocus.com/archive/1/463191/100/0/threaded
- http://www.securityfocus.com/archive/1/463217/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3549
- https://www.exploit-db.com/exploits/2333