Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2006-1819: phpWebSite: Local file inclusion

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2006-1819: phpWebSite: Local file inclusion

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

04/18/2006

Created

07/25/2018

Added

10/30/2017

Modified

10/30/2017

Description

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

Solution(s)

gentoo-linux-upgrade-www-apps-phpwebsite

References

https://attackerkb.com/topics/cve-2006-1819
17521
CVE - 2006-1819
200605-04
25867

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;