Vulnerabilities > CVE-2006-7068 - Remote File Include vulnerability in CliServ Web Community

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cliserv

exploit available

NVD

Published: 2007-03-02

Updated: 2017-10-11

Summary

PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.

Vulnerable Configurations

Part	Description	Count
Application	Cliserv Cliserv WEB Community 0.50 Cliserv WEB Community 0.60 Cliserv WEB Community 0.61 Cliserv WEB Community 0.65	4

Exploit-Db

description	CliServ Web Community <= 0.65 (cl_headers) Include Vulnerability. CVE-2006-7068. Webapps exploit for php platform
file	exploits/php/webapps/2257.txt
id	EDB-ID:2257
last seen	2016-01-31
modified	2006-08-25
platform	php
port
published	2006-08-25
reporter	Kacper
source	https://www.exploit-db.com/download/2257/
title	CliServ Web Community <= 0.65 cl_headers Include Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References