Vulnerabilities > CVE-2006-4987 - Input Validation vulnerability in Patrick Michaelis Wili-Cms 0.1.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
patrick-michaelis
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.

Vulnerable Configurations

Part Description Count
Application
Patrick_Michaelis
1

Exploit-Db

descriptionWili-CMS <= 0.1.1 (include/xss/full path) Remote Vulnerabilities. CVE-2006-4987,CVE-2006-4988,CVE-2006-4989. Webapps exploit for php platform
idEDB-ID:2414
last seen2016-01-31
modified2006-09-21
published2006-09-21
reporterHACKERS PAL
sourcehttps://www.exploit-db.com/download/2414/
titleWili-CMS <= 0.1.1 include/xss/full path Remote Vulnerabilities