← back
CVE-2006-5115

CVE-2006-5115

EPSS 2.4%
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2447unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/22152https://exchange.xforce.ibmcloud.com/vulnerabilities/29235https://www.exploit-db.com/exploits/2447http://www.securityfocus.com/bid/20258http://www.vupen.com/english/advisories/2006/3844