Published: 07/07/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 520

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.

Vulnerable Product	Search on Vulmon	Subscribe to Product
smartsitecms smartsitecms

# smartsite cms <= 10 Remote File Inclusion # # Contact : ircgigachatnet #ir4dex # Risk : High # Class : Remote # Script : smartsite cms # Version : not specified # URL: wwwsmartsitecmsnet/ --------------------------------------------------------------------- Vulnerable code : require($root "include/inc_footphp"); ------------- ...

smartsite cms v10 Multiple Remote File include ------------------------------------------------- Discovered By CrAsh_oVeR_rIdE Arabian Security Team ------------------------------------------------- site of script:wwwsmartsitecmsnet ------------------------------------------------- Vulnerable: smartsite cms v10 ------------------------------- ...

NVD-CWE-Other http://www.osvdb.org/26748 http://www.osvdb.org/26749 http://www.osvdb.org/26750 http://www.osvdb.org/26751 http://securitytracker.com/id?1016411 http://www.securityfocus.com/bid/18697 http://www.osvdb.org/26752 http://securityreason.com/securityalert/1198 http://www.securityfocus.com/archive/1/438581/100/100/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1936/

CVE-2006-3421

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect