← back
CVE-2006-6041

CVE-2006-6041

EPSS 3.5%
Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2752unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/22963http://securitytracker.com/id?1017249https://exchange.xforce.ibmcloud.com/vulnerabilities/30199https://www.exploit-db.com/exploits/2752http://www.securityfocus.com/archive/1/451860/100/200/threadedhttp://www.securityfocus.com/archive/1/454269/100/0/threadedhttp://www.vupen.com/english/advisories/2006/4582