PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
References
| Link | Resource |
|---|---|
| http://secunia.com/advisories/22527 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/20658 | Exploit |
| http://www.vupen.com/english/advisories/2006/4143 | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29704 | |
| https://www.exploit-db.com/exploits/2606 | |
| http://secunia.com/advisories/22527 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/20658 | Exploit |
| http://www.vupen.com/english/advisories/2006/4143 | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29704 | |
| https://www.exploit-db.com/exploits/2606 |
Configurations
History
21 Nov 2024, 00:19
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://secunia.com/advisories/22527 - Exploit, Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/20658 - Exploit | |
| References | () http://www.vupen.com/english/advisories/2006/4143 - Vendor Advisory | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/29704 - | |
| References | () https://www.exploit-db.com/exploits/2606 - |
Information
Published : 2006-10-24 20:07
Updated : 2024-11-21 00:19
NVD link : CVE-2006-5480
Mitre link : CVE-2006-5480
CVE.ORG link : CVE-2006-5480
JSON object : View
Products Affected
castor
- php_web_builder
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')