Vulnerabilities > CVE-2006-6516 - Input Validation vulnerability in KDPics

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
kdpics
exploit available
NVD
Published: 2006-12-14
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib_path parameter to (b) authenticate.inc.php3 or (c) lib/exifer/exif.php.

Vulnerable Configurations

Part Description Count
Application
Kdpics
1

Exploit-Db

descriptionKDPics <= 1.11 (exif.php lib_path) Remote File Include Vulnerability. CVE-2006-6516,CVE-2006-6517. Webapps exploit for php platform
fileexploits/php/webapps/3263.txt
idEDB-ID:3263
last seen2016-01-31
modified2007-02-03
platformphp
port
published2007-02-03
reporterAsTrex
sourcehttps://www.exploit-db.com/download/3263/
titleKDPics <= 1.11 exif.php lib_path Remote File Include Vulnerability
typewebapps

References