CVE-2006-4920 - Unspecified vulnerability in Siteatschool
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Site@School <= 2.4.02 Advisory / Remote File Upload Exploit. CVE-2006-4920,CVE-2006-4921,CVE-2006-4922. Webapps exploit for php platform |
file | exploits/php/webapps/2374.pl |
id | EDB-ID:2374 |
last seen | 2016-01-31 |
modified | 2006-09-15 |
platform | php |
port | |
published | 2006-09-15 |
reporter | simo64 |
source | https://www.exploit-db.com/download/2374/ |
title | Site@School <= 2.4.02 - Remote File Upload Exploit |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | SITEATSCHOOL_CMSDIR_FILE_INCLUDES.NASL |
description | The remote host is running Site@School, an open source, PHP-based, content management system intended for primary schools. The version of Site@School installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22368 |
published | 2006-09-16 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22368 |
title | Site@School Multiple Script cmsdir Parameter Remote File Inclusion |
References
- http://marc.info/?l=bugtraq&m=115869368313367&w=2
- http://secunia.com/advisories/21975
- http://securitytracker.com/id?1016887
- http://www.osvdb.org/28940
- http://www.osvdb.org/28942
- http://www.securityfocus.com/bid/20053
- http://www.vupen.com/english/advisories/2006/3664
- https://www.exploit-db.com/exploits/2374