Vulnerabilities > CVE-2006-4962 - Input Validation vulnerability in PHPBlueDragon CMS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description Php Blue Dragon CMS <= 2.9.1 (XSS/SQL) Code Execution Exploit. CVE-2006-4960,CVE-2006-4961,CVE-2006-4962. Webapps exploit for php platform file exploits/php/webapps/2402.php id EDB-ID:2402 last seen 2016-01-31 modified 2006-09-20 platform php port published 2006-09-20 reporter Kacper source https://www.exploit-db.com/download/2402/ title Php Blue Dragon CMS <= 2.9.1 XSS/SQL Code Execution Exploit type webapps id EDB-ID:4277
References
- http://secunia.com/advisories/22031
- http://www.securityfocus.com/bid/20123
- http://www.securityfocus.com/bid/25264
- http://www.vupen.com/english/advisories/2006/3736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29067
- https://www.exploit-db.com/exploits/2402
- https://www.exploit-db.com/exploits/4277