CVE-2006-2877
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
Affected products
n/a · n/a
Public PoCs found: 4
exploitdb www.exploit-db.com/exploits/27975 (unverified)
exploitdb www.exploit-db.com/exploits/27974 (unverified)
exploitdb www.exploit-db.com/exploits/27973 (unverified)
exploitdb www.exploit-db.com/exploits/27976 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/19758
http://securityreason.com/securityalert/1058
http://securitytracker.com/id?1016224
https://exchange.xforce.ibmcloud.com/vulnerabilities/26933
http://www.osvdb.org/26599
http://www.osvdb.org/26600
http://www.osvdb.org/26601
http://www.osvdb.org/26602
http://www.securityfocus.com/archive/1/435964/100/0/threaded
http://www.securityfocus.com/archive/1/436027/100/0/threaded
http://www.securityfocus.com/bid/18281