CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-2149

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.108

EPSS Ranking 93.0%

CVSS Severity

CVSS v2 Score 6.4

References

http://secunia.com/advisories/19911
http://www.osvdb.org/25158
http://www.securityfocus.com/bid/17940
http://www.vupen.com/english/advisories/2006/1587
https://exchange.xforce.ibmcloud.com/vulnerabilities/26189
https://www.exploit-db.com/exploits/1732
http://secunia.com/advisories/19911
http://www.osvdb.org/25158
http://www.securityfocus.com/bid/17940
http://www.vupen.com/english/advisories/2006/1587
https://exchange.xforce.ibmcloud.com/vulnerabilities/26189
https://www.exploit-db.com/exploits/1732

Products affected by CVE-2006-2149

Avatic » Aardvark Topsites Php » Version: 4.2.2

cpe:2.3:a:avatic:aardvark_topsites_php:4.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2149

Products

Pricing

Contact Us