Vulnerabilities > CVE-2006-7184 - Remote File Include vulnerability in Exhibit Engine Toroot Parameter
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Exhibit Engine 1.22 fetchsettings.php toroot Parameter Remote File Inclusion. CVE-2006-7184 . Webapps exploit for php platform id EDB-ID:28873 last seen 2016-02-03 modified 2006-10-30 published 2006-10-30 reporter Cyber Security source https://www.exploit-db.com/download/28873/ title Exhibit Engine 1.22 fetchsettings.php toroot Parameter Remote File Inclusion description Exhibit Engine 1.22 fstyles.php toroot Parameter Remote File Inclusion. CVE-2006-7184. Webapps exploit for php platform id EDB-ID:28874 last seen 2016-02-03 modified 2006-10-30 published 2006-10-30 reporter Cyber Security source https://www.exploit-db.com/download/28874/ title Exhibit Engine 1.22 fstyles.php toroot Parameter Remote File Inclusion
Nessus
| NASL family | CGI abuses |
| NASL id | EXHIBIT_ENGINE_RFI.NASL |
| description | The remote web server is running Exhibit Engine, a PHP based photo gallery management system. The version of Exhibit Engine installed on the remote host fails to sanitize input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23640 |
| published | 2006-11-14 |
| reporter | This script is Copyright (C) 2006-2018 Justin Seitz |
| source | https://www.tenable.com/plugins/nessus/23640 |
| title | Exhibit Engine styles.php toroot Parameter Remote File Inclusion |