CVE-2006-3776
published 2006-07-24CVE-2006-3776: PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.23%
86.7th percentile
PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idevspot | autohost | — | — |
| idevspot | phphostbot | — | — |
| idevspot | phphostbot | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fq8q-p2hj-mx9w: PHP remote file inclusion vulnerability in order/login
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4231 [HIGH] GHSA-fq8q-p2hj-mx9w: PHP remote file inclusion vulnerability in order/login
PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.
GHSA
GHSA-3q4q-4m2v-g7gj: PHP remote file inclusion vulnerability in library/authorize
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4094 [HIGH] GHSA-3q4q-4m2v-g7gj: PHP remote file inclusion vulnerability in library/authorize
PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776.
GHSA
GHSA-5xm4-pxv6-f5vr: PHP remote file inclusion vulnerability in order/index
ghsa_unreviewed·2022-05-01
CVE-2006-3776 [HIGH] CWE-94 GHSA-5xm4-pxv6-f5vr: PHP remote file inclusion vulnerability in order/index
PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
No detection rules found.
No writeups or analysis indexed.
http://pridels0.blogspot.com/2006/07/phphostbot-remote-file-inclusion-vuln.htmlhttp://secunia.com/advisories/21128http://www.osvdb.org/27411http://www.securityfocus.com/bid/19084http://www.vupen.com/english/advisories/2006/2899https://exchange.xforce.ibmcloud.com/vulnerabilities/27852http://pridels0.blogspot.com/2006/07/phphostbot-remote-file-inclusion-vuln.htmlhttp://secunia.com/advisories/21128http://www.osvdb.org/27411http://www.securityfocus.com/bid/19084http://www.vupen.com/english/advisories/2006/2899https://exchange.xforce.ibmcloud.com/vulnerabilities/27852
2006-07-24
Published