Vulnerabilities > CVE-2006-6592 - Remote File Include vulnerability in PHP Bloq 0.5.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
php
exploit available
NVD
Published: 2006-12-15
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.

Vulnerable Configurations

Part Description Count
Application
Php
1

Exploit-Db

  • descriptionBloq 0.5.4 rdf.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform
    idEDB-ID:28801
    last seen2016-02-03
    modified2006-10-13
    published2006-10-13
    reporterKorsaN
    sourcehttps://www.exploit-db.com/download/28801/
    titleBloq 0.5.4 - rdf.php pagepath Parameter Remote File Inclusion
  • descriptionBloq 0.5.4 rss2.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform
    idEDB-ID:28800
    last seen2016-02-03
    modified2006-10-13
    published2006-10-13
    reporterKorsaN
    sourcehttps://www.exploit-db.com/download/28800/
    titleBloq 0.5.4 - rss2.php pagepath Parameter Remote File Inclusion
  • descriptionBloq 0.5.4 rss.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform
    idEDB-ID:28799
    last seen2016-02-03
    modified2006-10-13
    published2006-10-13
    reporterKorsaN
    sourcehttps://www.exploit-db.com/download/28799/
    titleBloq 0.5.4 - rss.php pagepath Parameter Remote File Inclusion
  • descriptionBloq 0.5.4 admin.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform
    idEDB-ID:28798
    last seen2016-02-03
    modified2006-10-13
    published2006-10-13
    reporterKorsaN
    sourcehttps://www.exploit-db.com/download/28798/
    titleBloq 0.5.4 - admin.php pagepath Parameter Remote File Inclusion
  • descriptionBloq 0.5.4 files/mainfile.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform
    idEDB-ID:28802
    last seen2016-02-03
    modified2006-10-13
    published2006-10-13
    reporterKorsaN
    sourcehttps://www.exploit-db.com/download/28802/
    titleBloq 0.5.4 - files/mainfile.php pagepath Parameter Remote File Inclusion
  • descriptionBloq 0.5.4 index.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform
    idEDB-ID:28797
    last seen2016-02-03
    modified2006-10-13
    published2006-10-13
    reporterKorsaN
    sourcehttps://www.exploit-db.com/download/28797/
    titleBloq 0.5.4 - index.php pagepath Parameter Remote File Inclusion

References