ID CVE-2006-1477
Summary Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php. This vulnerability may affect all versions prior to 1.8 as well.
References
Vulnerable Configurations
  • cpe:2.3:a:turnkey_web_tools:php_live_helper:1.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18509
bugtraq
  • 20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)
  • 20060619 PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities
  • 20060619 Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities
misc
osvdb
  • 24193
  • 24194
  • 24195
  • 24196
  • 24197
  • 24198
  • 24199
secunia 19428
vupen ADV-2006-1137
xf phplivehelper-abspath-file-include(25489)
Last major update 18-10-2018 - 16:32
Published 29-03-2006 - 01:06
Last modified 18-10-2018 - 16:32