Vulnerabilities > CVE-2006-6232 - Remote File Include vulnerability in Dreamcost Dreamaccount 3.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
dreamcost
exploit available
NVD
Published: 2006-12-02
Updated: 2018-10-17

Summary

PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Vulnerable Configurations

Part Description Count
Application
Dreamcost
1

Exploit-Db

descriptionDreamAccount <= 3.1 (auth.api.php) Remote File Include Exploit. CVE-2006-6232. Webapps exploit for php platform
idEDB-ID:1954
last seen2016-01-31
modified2006-06-25
published2006-06-25
reporterCrAsh_oVeR_rIdE
sourcehttps://www.exploit-db.com/download/1954/
titleDreamAccount <= 3.1 auth.api.php Remote File Include Exploit

References