ID CVE-2006-6167
Summary Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables
References
Vulnerable Configurations
  • cpe:2.3:a:active_php_bookmarks:active_php_bookmarks:1.1.02:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-04-2024 - 00:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 21263
  • 23670
bugtraq
  • 20061123 Active PHP Bookmarks (apb.php) Remote file include
  • 20061124 Re: Active PHP Bookmarks (apb.php) Remote file include
osvdb 31956
xf apb-apbpath-file-include(30518)
Last major update 11-04-2024 - 00:41
Published 29-11-2006 - 02:28
Last modified 11-04-2024 - 00:41