CVE-2006-2507
published 2006-05-22
CVE-2006-2507: Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary…
Priority P341 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 4.19% (89.7th percentile)
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activity_mod_plus | activity_mod_plus | — | — |
| phpbb-portal | blend_portal | — | — |
| teake_nutma | foing | — | — |
| teake_nutma | foing | — | — |
| teake_nutma | foing | — | — |
| teake_nutma | foing | — | — |
| teake_nutma | foing | — | — |
| teake_nutma | foing | — | — |
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-2735 [HIGH] GHSA-xmc9-grjq-6qxg: PHP remote file inclusion vulnerability in language/lang_english/lang_activity
PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-2736 [HIGH] GHSA-gqff-mxhc-wwp4: PHP remote file inclusion vulnerability in blend_data/blend_common
PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
GHSA
ghsa_unreviewed·2022-05-01
CVE-2006-2507 [HIGH] GHSA-x65r-cqc4-6x4g: Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.
http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html
http://secunia.com/advisories/20092
http://securityreason.com/securityalert/932
http://www.osvdb.org/25564
http://www.securityfocus.com/archive/1/433824/100/0/threaded
http://www.securityfocus.com/archive/1/435302/100/0/threaded
http://www.securityfocus.com/bid/17963
http://www.vupen.com/english/advisories/2006/1793
https://exchange.xforce.ibmcloud.com/vulnerabilities/26425
Published: 2006-05-22