Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-4063

Published: 10/08/2006 Updated: 19/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 770
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Csaba Godor

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.

Vulnerable Product Search on Vulmon Subscribe to Product

csaba godor sapid blog beta 2 initial

Exploits

Exploit DB: SAPID Gallery 1.0 - 'ROOT_PATH' Remote File Inclusion
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ SAPID Gallery <= v1 (root_path) Remote File Include Vulnerability $$ Script site: sapidsourceforgenet/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper (aka Rahim) $$ $$ Contact: kacper1964@yahoopl or http ...
Exploit DB: SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ SAPID CMS <= v 12305 (root_path) Remote File Include Vulnerability $$ Script site: sapidsourceforgenet/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper (aka Rahim) $$ $$ Contact: kacper1964@yahoopl or ...
Exploit DB: SAPID Blog Beta 2 - 'ROOT_PATH' Remote File Inclusion
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ SAPID Blog <= Beta 2 (root_path) Remote File Include Vulnerability $$ Script site: sapidsourceforgenet/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper (aka Rahim) $$ $$ Contact: kacper1964@yahoopl or http ...
Exploit DB: SAPID Shop 1.2 - 'ROOT_PATH' Remote File Inclusion
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ SAPID Shop <= v12 (root_path) Remote File Include Vulnerability $$ Script site: sapidsourceforgenet/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper (aka Rahim) $$ $$ Contact: kacper1964@yahoopl or http: ...

References

NVD-CWE-Otherhttp://www.vupen.com/english/advisories/2006/3196https://exchange.xforce.ibmcloud.com/vulnerabilities/28251https://www.exploit-db.com/exploits/2129https://nvd.nist.govhttps://www.exploit-db.com/exploits/2130/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook