Jupiter CMS 1.1.5 Index.PHP Remote File Include Vulnerability
2006-08-26T00:00:00
ID: EDB-ID:28430
Type: exploitdb
Reporter: D3nGeR
Modified: 2006-08-26T00:00:00
Description
Jupiter CMS 1.1.5 Index.PHP Remote File Include Vulnerability. CVE-2006-4428. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/19721/info
Jupiter CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
Version 1.1.5 is vulnerable to this issue; other versions may also be affected.
This BID has been retired.
http://www.example.com/path/index.php?template=[Evil Code]
Related records

CVE-2006-4428 (NVD)
Published: 2006-08-29T00:04:00
Modified: 2018-10-17T21:37:00
Description: ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement.
CVSS v2: 7.5 (HIGH), vector AV:N/AC:L/Au:N/C:P/I:P/A:P, exploitability score 10.0, impact score 6.4
CWE: NVD-CWE-Other
CPE: cpe:/a:jupiter_cms:jupiter_cms:1.1.5
Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4428

OSVDB:28298 (software)
Title: Jupiter Content Manager index.php template Variable Remote File Inclusion
Published: 2006-08-25T07:50:50
Modified: 2006-08-25T07:50:50
CVSS: 7.5, vector AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/
Link: https://vulners.com/osvdb/OSVDB:28298
Vulnerability Description: Jupiter CMS has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the index.php script not properly sanitizing user input supplied to the 'template' variable. However, subsequent examination indicates that the variable is overwritten and an attacker can not manipulate it.
Solution Description: The vulnerability reported is incorrect. No solution required.
Manual Testing Notes: http://[target]/path/index.php?template=[Evil Code]
References:
Vendor URL: http://www.jupiterportal.com/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0531.html
Mail List Post: http://attrition.org/pipermail/vim/2006-August/000996.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0493.html
CVE-2006-4428: https://vulners.com/cve/CVE-2006-4428
Bugtraq ID: 19721