CVE-2006-3116
Published 2006-06-29
CVE-2006-3116: Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir…
Priority: P3 · 36 · medium · 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 7.13% (93.5th percentile)
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spiffyjr | phpraid | — | — |
| spiffyjr | phpraid | — | — |
| spiffyjr | phpraid | — | — |
GHSA
GHSA-25qh-vf9g-cg5r: Multiple PHP remote file inclusion vulnerabilities in phpRaid 3
ghsa_unreviewed·2022-05-01
CVE-2006-3116 [MEDIUM] GHSA-25qh-vf9g-cg5r: Multiple PHP remote file inclusion vulnerabilities in phpRaid 3
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
GHSA
GHSA-w344-cgvx-8fq3: Multiple PHP remote file inclusion vulnerabilities in phpRaid 3
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-3316 [MEDIUM] GHSA-w344-cgvx-8fq3: Multiple PHP remote file inclusion vulnerabilities in phpRaid 3
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116.
GHSA
GHSA-3942-5prh-7v6g: PHP remote file inclusion vulnerability in phpRaid 3
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-3317 [MEDIUM] GHSA-3942-5prh-7v6g: PHP remote file inclusion vulnerability in phpRaid 3
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0824.html
http://secunia.com/advisories/20200
http://secunia.com/secunia_research/2006-47/advisory/
http://www.osvdb.org/26891
http://www.osvdb.org/26892
http://www.osvdb.org/26893
http://www.osvdb.org/26894
http://www.osvdb.org/26895
http://www.osvdb.org/26896
http://www.osvdb.org/26897
http://www.osvdb.org/26898
http://www.osvdb.org/26899
http://www.osvdb.org/26900
http://www.osvdb.org/26901
http://www.osvdb.org/26902
http://www.securityfocus.com/bid/18719
https://exchange.xforce.ibmcloud.com/vulnerabilities/27465