CVE-2006-4034
published 2006-08-09CVE-2006-4034: PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.50%
82.7th percentile
PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modernbill | modernbill | <= 4.4 | — |
| modernbill | modernbill | <= 4.4.0 | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| modernbill | modernbill | — | — |
| moderngigabyte | modernbill | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xgj6-g3gm-24hv: Multiple PHP remote file inclusion vulnerabilities in ModernBill 4
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-5060 [HIGH] CWE-94 GHSA-xgj6-g3gm-24hv: Multiple PHP remote file inclusion vulnerabilities in ModernBill 4
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
GHSA
GHSA-q8hx-4ph9-479g: PHP remote file inclusion vulnerability in include/html/config
ghsa_unreviewed·2022-05-01
CVE-2006-4034 [HIGH] GHSA-q8hx-4ph9-479g: PHP remote file inclusion vulnerability in include/html/config
PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/442126/100/0/threadedhttp://www.securityfocus.com/bid/19335http://www.solpotcrew.org/adv/solpot-adv-04.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/28207http://www.securityfocus.com/archive/1/442126/100/0/threadedhttp://www.securityfocus.com/bid/19335http://www.solpotcrew.org/adv/solpot-adv-04.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/28207
2006-08-09
Published