CVE-2006-4545

PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker
Configurations

Configuration 1 (hide)

cpe:2.3:a:modulebased_cms:modulebased_cms:pre-alpha:*:*:*:*:*:*:*

History

21 Nov 2024, 00:16

Type Values Removed Values Added
References () http://www.attrition.org/pipermail/vim/2006-September/001012.html - Exploit () http://www.attrition.org/pipermail/vim/2006-September/001012.html - Exploit
References () http://www.osvdb.org/29872 - () http://www.osvdb.org/29872 -
References () http://www.securityfocus.com/archive/1/444897/100/0/threaded - () http://www.securityfocus.com/archive/1/444897/100/0/threaded -
References () http://www.securityfocus.com/archive/1/445006/100/100/threaded - () http://www.securityfocus.com/archive/1/445006/100/100/threaded -
References () http://www.securityfocus.com/bid/19754 - Exploit () http://www.securityfocus.com/bid/19754 - Exploit

07 Nov 2023, 01:59

Type Values Removed Values Added
Summary ** DISPUTED ** PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker. PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker

Information

Published : 2006-09-06 00:04

Updated : 2025-04-03 01:03


NVD link : CVE-2006-4545

Mitre link : CVE-2006-4545

CVE.ORG link : CVE-2006-4545


JSON object : View

Products Affected

modulebased_cms

  • modulebased_cms