← voltar
CVE-2006-1994

CVE-2006-1994

EPSS 3.4%
PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/1706não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.htmlhttp://secunia.com/advisories/19788https://exchange.xforce.ibmcloud.com/vulnerabilities/26035http://www.nukedx.com/?viewdoc=27http://www.securityfocus.com/archive/1/431758http://www.securityfocus.com/bid/17650http://www.vupen.com/english/advisories/2006/1482