CVE-2006-2828
published 2006-06-05CVE-2006-2828: Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path…
PriorityP336medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
2.48%
82.6th percentile
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6115 [HIGH] ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid DELETE
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid DELETE"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"fid="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6115; reference:url,www.milw0rm.com/exploits/2828; classtype:web-application-attack; sid:2007389; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_na
Suricata
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6115 [HIGH] ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid INSERT
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid INSERT"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"fid="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6115; reference:url,www.milw0rm.com/exploits/2828; classtype:web-application-attack; sid:2007388; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_na
Suricata
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6115 [HIGH] ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UPDATE
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UPDATE"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"fid="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6115; reference:url,www.milw0rm.com/exploits/2828; classtype:web-application-attack; sid:2007391; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_nam
Suricata
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6115 [HIGH] ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid ASCII
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid ASCII"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"fid="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6115; reference:url,www.milw0rm.com/exploits/2828; classtype:web-application-attack; sid:2007390; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_na
Suricata
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6115 [HIGH] ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UNION SELECT
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UNION SELECT"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"fid="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6115; reference:url,www.milw0rm.com/exploits/2828; classtype:web-application-attack; sid:2007387; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre
Suricata
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6115 [HIGH] ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid SELECT
ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid SELECT"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"fid="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6115; reference:url,www.milw0rm.com/exploits/2828; classtype:web-application-attack; sid:2007386; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_na
No writeups or analysis indexed.
CWE
Improper Control of Dynamically-Identified Variables
mitre_cwe·CVSS 6.4
[MEDIUM] CWE-914 Improper Control of Dynamically-Identified Variables
CWE-914: Improper Control of Dynamically-Identified Variables
The product does not properly restrict reading from or writing to dynamically-identified variables.
Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Application Data. An attacker could modify sensitive data or program variables.
Scope: Integrity. Impact: Execute Unauthorized Code or Commands.
Scope: Other, Integrity. Impact: Varies by Context, Alter Exec
CWE
Variable Extraction Error
mitre_cwe·CVSS 7.5
[HIGH] CWE-621 Variable Extraction Error
CWE-621: Variable Extraction Error
The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite unintended variables.
For example, in PHP, extraction can be used to provide functionality similar to register_globals, a dangerous functionality that is frequently disabled in production systems. Calling extract() or import_request_variables() without the proper arguments could allow arbitrary global variables to be overwritten, including superglobals. Similar functionality is possible in other interpreted languages, including custom languages.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: M
http://securityreason.com/securityalert/1040http://www.securityfocus.com/archive/1/435407/100/0/threadedhttp://www.securityfocus.com/archive/1/435611/100/0/threadedhttp://www.securityfocus.com/archive/1/435705/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27368http://securityreason.com/securityalert/1040http://www.securityfocus.com/archive/1/435407/100/0/threadedhttp://www.securityfocus.com/archive/1/435611/100/0/threadedhttp://www.securityfocus.com/archive/1/435705/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27368
2006-06-05
Published