Vulnerabilities > CVE-2006-4993 - Remote File Include vulnerability in AllMyGuests SignIn.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
voice-of-web
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).

Vulnerable Configurations

Part Description Count
Application
Voice_Of_Web
1

Exploit-Db

descriptionAllMyGuests <= 0.4.1 (cfg_serverpath) Remote File Include Vulnerability. CVE-2006-4993. Webapps exploit for php platform
fileexploits/php/webapps/2405.txt
idEDB-ID:2405
last seen2016-01-31
modified2006-09-20
platformphp
port
published2006-09-20
reporterBr@Him
sourcehttps://www.exploit-db.com/download/2405/
titleAllMyGuests <= 0.4.1 cfg_serverpath Remote File Include Vulnerability
typewebapps