CVE-2006-4026
published 2006-08-09CVE-2006-4026: PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.50%
87.7th percentile
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redgraphic | sapid_cms | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9598-xhf2-cw82: PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path para
ghsa_unreviewed·2022-05-01
CVE-2006-4026 [HIGH] CWE-94 GHSA-9598-xhf2-cw82: PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path para
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
Red Hat
php: pcntl_exec() accepts paths with NUL character
vendor_redhat·2015-05-14·CVSS 5.0
CVE-2015-4026 [MEDIUM] CWE-626 php: pcntl_exec() accepts paths with NUL character
php: pcntl_exec() accepts paths with NUL character
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/21410http://securityreason.com/securityalert/1346http://securitytracker.com/id?1016650http://www.securityfocus.com/archive/1/442425/100/0/threadedhttp://www.securityfocus.com/bid/19383http://www.vupen.com/english/advisories/2006/3191https://exchange.xforce.ibmcloud.com/vulnerabilities/28250https://www.exploit-db.com/exploits/2128http://secunia.com/advisories/21410http://securityreason.com/securityalert/1346http://securitytracker.com/id?1016650http://www.securityfocus.com/archive/1/442425/100/0/threadedhttp://www.securityfocus.com/bid/19383http://www.vupen.com/english/advisories/2006/3191https://exchange.xforce.ibmcloud.com/vulnerabilities/28250https://www.exploit-db.com/exploits/2128
2006-08-09
Published