AI Score: 7.8 High (Confidence: Low)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.181 Low (Percentile: 96.1%)

Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.
CPE | Name | Operator | Version |
---|---|---|---|
squery:squery | squery | le | 4.5 |