CVE-2006-0786

Loading...

General

Score:5.1/10.0
Severity:Medium
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:High
Authentication:None

Published on 19/02/06 - Updated on 05/09/08

Description

Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2006-0786

Exploits

Exploit-DBEDB-1501

Relative technologies

VendorProduct
phpkitphpkit

Share this vulnerability with:

Twitter Facebook LinkedIn Mail