CVE-2006-1154
Published 2006-03-10
Priority P433 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.78% (84.6th percentile)
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fscripts | fantastic_news | <= 2.1.4 | — |
| fscripts | fantastic_news | — | — |
| fscripts | fantastic_news | — | — |
| fscripts | fantastic_news | — | — |
| fscripts | fantastic_news | — | — |
GHSA
GHSA-2ffv-4gjr-39h9: PHP remote file inclusion vulnerability in headlines
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4671 [HIGH] CWE-94 GHSA-2ffv-4gjr-39h9: PHP remote file inclusion vulnerability in headlines
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.
GHSA
GHSA-c8vh-8h4w-hxhr: PHP remote file inclusion vulnerability in archive
ghsa_unreviewed·2022-05-01
CVE-2006-1154 [HIGH] CWE-94 GHSA-c8vh-8h4w-hxhr: PHP remote file inclusion vulnerability in archive
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://secunia.com/advisories/21807
- http://secunia.com/advisories/23519
- http://sx02.coresec.de/advisories/152.txt
- http://www.securityfocus.com/bid/16985
- http://www.securityfocus.com/bid/21796
- http://www.vupen.com/english/advisories/2006/0826
- http://www.vupen.com/english/advisories/2006/3513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31121
- https://www.exploit-db.com/exploits/3027
Published: 2006-03-10