{"id": "CVE-2006-4189", "bulletinFamily": "NVD", "title": "CVE-2006-4189", "description": "Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.", "published": "2006-08-16T21:04:00", "modified": "2017-07-19T21:32:54", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4189", "reporter": "NVD", "references": ["http://www.vupen.com/english/advisories/2006/3346", "http://securitytracker.com/id?1016692", "http://www.securityfocus.com/bid/21182", "https://exchange.xforce.ibmcloud.com/vulnerabilities/28363"], "cvelist": ["CVE-2006-4189"], "type": "cve", "lastseen": "2017-07-20T10:49:28", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:boonex:dolphin:5.1"], "cvelist": ["CVE-2006-4189"], "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.", "edition": 1, "enchantments": {}, "hash": "1517c860a76a256091ec4506ccf7417ad75b0448a9133cd5a0c1dc3f5efff51f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "ab7c0cf251ca26fa2f9e6152ae5ba706", "key": "description"}, {"hash": "62e581b56c4e988cb5f34239210c81ba", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "f421377b19d7bc62330a89381396617e", "key": "cpe"}, {"hash": "9f483c339f07b1fd99eb666bd5a9f299", "key": "cvelist"}, {"hash": "88e04999358e76acae57a21bcf224d40", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6eba95031739e9ebae3a0cd77dff60e8", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "39e81c8117c4e75e48947886804779e6", "key": "references"}, {"hash": "4eaf60cb0eeb38af01e93c42dcac446e", "key": "published"}, {"hash": "a3c8583ca34240786239bb9f139bbed0", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4189", "id": "CVE-2006-4189", "lastseen": "2016-09-03T07:24:21", "modified": "2011-03-07T21:40:29", "objectVersion": "1.2", "published": "2006-08-16T21:04:00", "references": ["http://www.vupen.com/english/advisories/2006/3346", "http://securitytracker.com/id?1016692", "http://www.securityfocus.com/bid/21182", "http://xforce.iss.net/xforce/xfdb/28363"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-4189", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:24:21"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f421377b19d7bc62330a89381396617e"}, {"key": "cvelist", "hash": "9f483c339f07b1fd99eb666bd5a9f299"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "ab7c0cf251ca26fa2f9e6152ae5ba706"}, {"key": "href", "hash": "a3c8583ca34240786239bb9f139bbed0"}, {"key": "modified", "hash": "200b8f83d86780a9ea2e1e7567c7ec86"}, {"key": "published", "hash": "4eaf60cb0eeb38af01e93c42dcac446e"}, {"key": "references", "hash": "da1d9ac7ca54b5f3948e575b2fe38d4f"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "6eba95031739e9ebae3a0cd77dff60e8"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "07d8eb0491e668ab632f684621cb8e69fc43cb58c4e43221c0fd9cadb97e5bd4", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-07-20T10:49:28"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:boonex:dolphin:5.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the aemodule.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the aemodule.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/aemodule.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin aemodule.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28469", "id": "OSVDB:28469", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the contact.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the contact.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/contact.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin contact.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28480", "id": "OSVDB:28480", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the gallery.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the gallery.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/gallery.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin gallery.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28486", "id": "OSVDB:28486", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/index.php?dir[inc]=\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin index.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28492", "id": "OSVDB:28492", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the join_form.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the join_form.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/join_form.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin join_form.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28494", "id": "OSVDB:28494", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the privacy.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the privacy.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/privacy.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin privacy.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28507", "id": "OSVDB:28507", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the im.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the im.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/im.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin im.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28489", "id": "OSVDB:28489", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the story_view.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the story_view.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/story_view.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin story_view.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28525", "id": "OSVDB:28525", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the stories.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the stories.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/stories.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin stories.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28523", "id": "OSVDB:28523", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the change_status.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDolphin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the change_status.php script not properly sanitizing user input supplied to the 'dir[inc]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/change_status.php?dir[inc]=[Evil Script]\n## References:\nVendor URL: http://www.boonex.com/products/dolphin/\nSecurity Tracker: 1016692\n[Secunia Advisory ID:21535](https://secuniaresearch.flexerasoftware.com/advisories/21535/)\nISS X-Force ID: 28363\nFrSIRT Advisory: ADV-2006-3346\n[CVE-2006-4189](https://vulners.com/cve/CVE-2006-4189)\n", "reporter": "Charles Nelwan a.k.a Cmaster4(bugtraq_indo@yahoo.com)", "published": "2006-08-14T02:49:04", "type": "osvdb", "title": "Dolphin change_status.php dir[inc] Variable Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Dolphin", "version": "5.1", "operator": "eq"}], "cvelist": ["CVE-2006-4189"], "modified": "2006-08-14T02:49:04", "href": "https://vulners.com/osvdb/OSVDB:28476", "id": "OSVDB:28476", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}