CVE-2006-0887
Published 2006-02-25
Priority: P3 · 42 · high · CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 3.46% (87.6th percentile)
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phplib_team | phplib | — | — |
No detection rules found.
Exploit-DB: PHPLib < 7.4 - SQL Injection
exploitdb · 2016-03-05 · CVSS 7.5 · CVE-2006-0887 [HIGH]
```php
$this->newid=true;
$this->name = $this->cookiename==""?$this->classname:$this->cookiename;
if ( "" == $id ) {
  $this->newid=false;
  switch ($this->mode) {
    case "get":
      # session id read from the query string, falling back to POST data
      $id = isset($HTTP_GET_VARS[$this->name]) ?
        $HTTP_GET_VARS[$this->name] :
        ( isset($HTTP_POST_VARS[$this->name]) ?
          $HTTP_POST_VARS[$this->name] :
          "") ;
      break;
    case "cookie":
      # session id read verbatim from the client-supplied cookie
      $id = isset($HTTP_COOKIE_VARS[$this->name]) ?
        $HTTP_COOKIE_VARS[$this->name] : "";
      break;
    default:
      die("This has not been coded yet.");
      break;
  }
}
### do not accept user provided ids for creation
# this check only runs when block_alien_sid is enabled; it tests that the id
# exists in the session store, not that the id is well-formed
if($id != "" && $this->block_alien_sid) { # somehow an id was provided by the user
  if($this->that->ac_get_value($id, $this->name) == "") {
    # no - the id doesn't exist in the database: Ignore it!
    $id = "";
  }
}
```
The above code is from sessions.inc @ lines 85-121. Th
Exploit-DB (indexed under CVE-2007-0887): Axigen 2.0.0b1 - Remote Denial of Service (2)
exploitdb · 2007-02-08
```c
/* doaxigen-v2.c
 *
 * axigen 1.2.6 - 2.0.0b1 DoS (x86-lnx)
 * by mu-b - Sun Oct 29 2006
 *
 * - Tested on: AXIGEN 1.2.6 (lnx)
 *              AXIGEN 2.0.0b1 (lnx)
 *
 * parsing error results in login without username & password!
 * which in turn causes a NULL pointer dereference..
 */
#include
#include
#include
#include
#include
#include
#include
#include

#define BUF_SIZE 1024
#define BBUF_SIZE BUF_SIZE/3*4+1

#define AUTH_CMD "1 AUTHENTICATE PLAIN\r\n"
#define APPEND_CMD "2 APPEND digit-labs\r\n"

#define DEF_PORT 143
#define PORT_IMAPD DEF_PORT
#define RCNT_DELAY 3

static const char base64tab[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

static int base64 (const u_char * ibuf, u_char * ob
```
No writeups or analysis indexed.
References:
- http://secunia.com/advisories/16902
- http://securitytracker.com/id?1016123
- http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091
- http://www.gulftech.org/?node=research&article_id=00107-03052006
- http://www.osvdb.org/23466
- http://www.securityfocus.com/bid/16801
- http://www.vupen.com/english/advisories/2006/0720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24873