← back
CVE-2006-4733

CVE-2006-4733

EPSS 3.2%
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of issue is limited to admins who do not, or cannot, follow this recommendation.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/3245unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/1549http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/box.inc.php?revision=1.9&view=markuphttps://www.exploit-db.com/exploits/3245http://www.attrition.org/pipermail/vim/2007-February/001268.htmlhttp://www.securityfocus.com/archive/1/445770/100/0/threadedhttp://www.securityfocus.com/bid/19945