CVE-2006-2149
Published 2006-05-03
Priority: P3 (41), severity medium, CVSS 2.0 base score 6.4
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploit: public exploit indexed
EPSS: 7.67% (93.8th percentile)
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avatic | aardvark_topsites_php | <= 4.2.2 | — |
| avatic | aardvark_topsites_php | — | — |
GHSA-88xw-fpf4-57m7 (GHSA, unreviewed, 2022-05-01) [MEDIUM]: PHP remote file inclusion vulnerability in sources/lostpw
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
GHSA-vcqg-fcrx-mqmg (GHSA, unreviewed, 2022-05-01, CVSS 6.4) [MEDIUM], for CVE-2006-7026: PHP remote file inclusion vulnerability in sources/join
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.
Suricata rule (Emerging Threats, created 2010-07-30, CVSS 6.4) [MEDIUM]: ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt"; flow:established,to_server; http.uri; content:"CONFIG[PATH]="; nocase; pcre:"/(join|lostpw)\.php\?/i"; pcre:"/&CONFIG\x5bpath\x5d=(https?|ftps?|php)\:/i"; reference:cve,CVE-2006-2149; reference:url,www.osvdb.org/25158; classtype:web-application-attack; sid:2002901; rev:9; metadata:affected_product Any, attack_target Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag Remote_File_Include, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Pu
No writeups or analysis indexed.
References:
http://secunia.com/advisories/19911
http://www.osvdb.org/25158
http://www.securityfocus.com/bid/17940
http://www.vupen.com/english/advisories/2006/1587
https://exchange.xforce.ibmcloud.com/vulnerabilities/26189
https://www.exploit-db.com/exploits/1732