Vulnerabilities > CVE-2006-5021 - Remote File Include vulnerability in Redblog 0.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
redblog
exploit available
NVD
Published: 2006-09-27
Updated: 2008-09-05

Summary

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Redblog
1

Exploit-Db

  • descriptionRedBLoG 0.5 imgen.php root Parameter Remote File Inclusion. CVE-2006-5021. Webapps exploit for php platform
    idEDB-ID:28611
    last seen2016-02-03
    modified2006-09-19
    published2006-09-19
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28611/
    titleRedBLoG 0.5 imgen.php Root Parameter Remote File Inclusion
  • descriptionRedBLoG 0.5 common.php root_path Parameter Remote File Inclusion. CVE-2006-5021. Webapps exploit for php platform
    idEDB-ID:28613
    last seen2016-02-03
    modified2006-09-19
    published2006-09-19
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28613/
    titleRedBLoG 0.5 common.php root_path Parameter Remote File Inclusion
  • descriptionRedBLoG 0.5 admin/index.php root_path Parameter Remote File Inclusion. CVE-2006-5021. Webapps exploit for php platform
    idEDB-ID:28614
    last seen2016-02-03
    modified2006-09-19
    published2006-09-19
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28614/
    titleRedBLoG 0.5 admin/index.php root_path Parameter Remote File Inclusion
  • descriptionRedBLoG 0.5 admin/config.php root_path Parameter Remote File Inclusion. CVE-2006-5021. Webapps exploit for php platform
    idEDB-ID:28612
    last seen2016-02-03
    modified2006-09-19
    published2006-09-19
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28612/
    titleRedBLoG 0.5 admin/config.php root_path Parameter Remote File Inclusion

References