Vulnerabilities > CVE-2006-6850 - Remote File Include vulnerability in Shadowed Works Shadowed Portal 5.7

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
shadowed-works
exploit available
NVD
Published: 2006-12-31
Updated: 2017-10-19

Summary

PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.

Vulnerable Configurations

Part Description Count
Application
Shadowed_Works
1

Exploit-Db

descriptionShadowed Portal Module Character Roster (mod_root) RFI Vulnerability. CVE-2006-6850. Webapps exploit for php platform
fileexploits/php/webapps/3009.txt
idEDB-ID:3009
last seen2016-01-31
modified2006-12-25
platformphp
port
published2006-12-25
reporterMehmet Ince
sourcehttps://www.exploit-db.com/download/3009/
titleShadowed Portal Module Character Roster mod_root RFI Vulnerability
typewebapps

References