CVE-2006-7052 - Remote File Include vulnerability in Keith Reichley Dotwidget for Articles 0.2

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, keith-reichley, critical, exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.

Vulnerable Configurations

Part: Application
Description: Keith_Reichley
Count: 1

Exploit-Db

  • description: dotWidget for articles 2.0 showarticle.php file_path Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28040
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28040/
    title: dotWidget for articles 2.0 showarticle.php file_path Parameter Remote File Inclusion
  • description: dotWidget for articles 2.0 admin/index.php Multiple Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28043
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28043/
    title: dotWidget for articles 2.0 admin/index.php Multiple Parameter Remote File Inclusion
  • description: dotWidget for articles 2.0 admin/authors.php Multiple Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28041
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28041/
    title: dotWidget for articles 2.0 admin/authors.php Multiple Parameter Remote File Inclusion
  • description: dotWidget for articles 2.0 admin/articles.php Multiple Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28042
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28042/
    title: dotWidget for articles 2.0 admin/articles.php Multiple Parameter Remote File Inclusion
  • description: dotWidget for articles 2.0 showcatpicks.php file_path Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28039
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28039/
    title: dotWidget for articles 2.0 showcatpicks.php file_path Parameter Remote File Inclusion
  • description: dotWidget for articles 2.0 admin/categories.php Multiple Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28045
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28045/
    title: dotWidget for articles 2.0 admin/categories.php Multiple Parameter Remote File Inclusion
  • description: dotWidget for articles 2.0 admin/editconfig.php Multiple Parameter Remote File Inclusion. CVE-2006-7052. Webapps exploit for php platform
    id: EDB-ID:28046
    last seen: 2016-02-03
    modified: 2006-06-03
    published: 2006-06-03
    reporter: SwEET-DeViL
    source: https://www.exploit-db.com/download/28046/
    title: dotWidget for articles 2.0 admin/editconfig.php Multiple Parameter Remote File Inclusion