Vulnerabilities > CVE-2006-4877 - Unspecified vulnerability in David Bennett PHP-Post

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
david-bennett
exploit available

Summary

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.

Vulnerable Configurations

Part Description Count
Application
David_Bennett
1

Exploit-Db

descriptionPHP-post Web Forum 0.x.1.0 profile.php Multiple Parameter SQL Injection. CVE-2006-4877. Webapps exploit for php platform
idEDB-ID:28591
last seen2016-02-03
modified2006-09-16
published2006-09-16
reporterHACKERS PAL
sourcehttps://www.exploit-db.com/download/28591/
titlePHP-post Web Forum 0.x.1.0 profile.php Multiple Parameter SQL Injection