CVE-2006-3175
CVE-2006-3175
Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire.php vector also affects 1.2. NOTE: this issue might be limited to a race condition during installation or an improper installation, since a completed installation creates an include file that prevents external control of the $lang variable.
Affected products
n/a · n/apublic PoCs found — 3
exploitdbwww.exploit-db.com/exploits/28035unverifiedexploitdbwww.exploit-db.com/exploits/28036unverifiedexploitdbwww.exploit-db.com/exploits/28037unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://securityreason.com/securityalert/1125https://exchange.xforce.ibmcloud.com/vulnerabilities/27114http://www.osvdb.org/27460http://www.osvdb.org/27461http://www.osvdb.org/27462http://www.securityfocus.com/archive/1/437028/100/200/threadedhttp://www.securityfocus.com/archive/1/437448/100/0/threadedhttp://www.securityfocus.com/bid/18476