CVE-2006-5308 - Remote File Include vulnerability in Open Conference Systems Fullpath
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Open Conference Systems <= 1.1.4 (fullpath) File Include Vulnerabilities. CVE-2006-5308. Webapps exploit for php platform |
file | exploits/php/webapps/2536.txt |
id | EDB-ID:2536 |
last seen | 2016-01-31 |
modified | 2006-10-13 |
platform | php |
port | |
published | 2006-10-13 |
reporter | k1tk4t |
source | https://www.exploit-db.com/download/2536/ |
title | Open Conference Systems <= 1.1.4 - fullpath File Include Vulnerabilities |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | OCS_FULLPATH_FILE_INCLUDE.NASL |
description | The remote host is using Open Conference System, a PHP application for managing scholarly conference websites. The version of Open Conference System installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22874 |
published | 2006-10-18 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22874 |
title | Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion |
References
- http://isc.sans.org/diary.php?storyid=1791
- http://pkp.sfu.ca/ocs_download
- http://pkp.sfu.ca:8043/bugzilla/attachment.cgi?id=90
- http://pkp.sfu.ca:8043/bugzilla/show_bug.cgi?id=2436
- http://secunia.com/advisories/22412
- http://securitytracker.com/id?1017071
- http://www.securityfocus.com/archive/1/448548/100/0/threaded
- http://www.securityfocus.com/bid/20567
- http://www.vupen.com/english/advisories/2006/4041
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29517
- https://www.exploit-db.com/exploits/2536