Vulnerabilities > CVE-2006-5076 - Remote File Include vulnerability in Back-End CMS 0.4.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
back-end
exploit available
NVD
Published: 2006-09-29
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.

Vulnerable Configurations

Part Description Count
Application
Back-End
1

Exploit-Db

  • descriptionBack-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion. CVE-2006-5076. Webapps exploit for php platform
    idEDB-ID:28674
    last seen2016-02-03
    modified2006-09-25
    published2006-09-25
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28674/
    titleBack-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion
  • descriptionBack-End CMS 0.4.5 search.php includes_path Parameter Remote File Inclusion. CVE-2006-5076 . Webapps exploit for php platform
    idEDB-ID:28676
    last seen2016-02-03
    modified2006-09-25
    published2006-09-25
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28676/
    titleBack-End CMS 0.4.5 - search.php includes_path Parameter Remote File Inclusion
  • descriptionBack-End CMS 0.4.5 Facts.php includes_path Parameter Remote File Inclusion. CVE-2006-5076. Webapps exploit for php platform
    idEDB-ID:28675
    last seen2016-02-03
    modified2006-09-25
    published2006-09-25
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28675/
    titleBack-End CMS 0.4.5 Facts.php includes_path Parameter Remote File Inclusion

References