Vulnerabilities > CVE-2006-5135 - Remote File Include vulnerability in A-Blog 2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
a-blog
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092.

Vulnerable Configurations

Part Description Count
Application
A-Blog
1

Exploit-Db

descriptionA-Blog 2.0 Multiple Remote File Include Vulnerabilities. CVE-2006-5135. Webapps exploit for php platform
fileexploits/php/webapps/2442.txt
idEDB-ID:2442
last seen2016-01-31
modified2006-09-27
platformphp
port
published2006-09-27
reporterv1per-haCker
sourcehttps://www.exploit-db.com/download/2442/
titleA-Blog 2.0 - Multiple Remote File Include Vulnerabilities
typewebapps