Vulnerabilities > CVE-2006-5615 - Remote File Include vulnerability in Textpattern 1.19

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
textpattern
exploit available
NVD
Published: 2006-10-31
Updated: 2018-10-17

Summary

PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.

Vulnerable Configurations

Part Description Count
Application
Textpattern
1

Exploit-Db

descriptionTextPattern <= 1.19 (publish.php) Remote File Inclusion Vulnerability. CVE-2006-5615. Webapps exploit for php platform
idEDB-ID:2646
last seen2016-01-31
modified2006-10-25
published2006-10-25
reporterBithedz
sourcehttps://www.exploit-db.com/download/2646/
titleTextPattern <= 1.19 publish.php Remote File Inclusion Vulnerability

References