CVE-2006-4189
published 2006-08-17CVE-2006-4189: Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in…
PriorityP433medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
3.80%
88.7th percentile
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-24xv-wv3m-hcqm: Multiple PHP remote file inclusion vulnerabilities in Dolphin 5
ghsa_unreviewed·2022-05-01
CVE-2006-4189 [MEDIUM] GHSA-24xv-wv3m-hcqm: Multiple PHP remote file inclusion vulnerabilities in Dolphin 5
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.
GHSA
GHSA-49p5-5qm7-494m: PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-5410 [MEDIUM] GHSA-49p5-5qm7-494m: PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index
PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/21535http://securitytracker.com/id?1016692http://www.osvdb.org/28473http://www.osvdb.org/28474http://www.osvdb.org/28478http://www.osvdb.org/28479http://www.osvdb.org/28485http://www.osvdb.org/28492http://www.osvdb.org/28493http://www.osvdb.org/28496http://www.osvdb.org/28498http://www.osvdb.org/28499http://www.osvdb.org/28500http://www.osvdb.org/28501http://www.osvdb.org/28502http://www.osvdb.org/28503http://www.osvdb.org/28504http://www.osvdb.org/28505http://www.osvdb.org/28506http://www.osvdb.org/28507http://www.osvdb.org/28508http://www.osvdb.org/28509http://www.osvdb.org/28510http://www.osvdb.org/28511http://www.osvdb.org/28512http://www.osvdb.org/28513http://www.osvdb.org/28514http://www.osvdb.org/28515http://www.osvdb.org/28516http://www.osvdb.org/28517http://www.osvdb.org/28519http://www.osvdb.org/28520http://www.osvdb.org/28521http://www.osvdb.org/28522http://www.osvdb.org/28523http://www.osvdb.org/28524http://www.osvdb.org/28525http://www.osvdb.org/28526http://www.osvdb.org/28527http://www.osvdb.org/28528http://www.osvdb.org/28529http://www.osvdb.org/28530http://www.securityfocus.com/bid/21182http://www.vupen.com/english/advisories/2006/3346https://exchange.xforce.ibmcloud.com/vulnerabilities/28363http://secunia.com/advisories/21535http://securitytracker.com/id?1016692http://www.osvdb.org/28473http://www.osvdb.org/28474http://www.osvdb.org/28478http://www.osvdb.org/28479http://www.osvdb.org/28485http://www.osvdb.org/28492http://www.osvdb.org/28493http://www.osvdb.org/28496http://www.osvdb.org/28498http://www.osvdb.org/28499http://www.osvdb.org/28500http://www.osvdb.org/28501http://www.osvdb.org/28502http://www.osvdb.org/28503http://www.osvdb.org/28504http://www.osvdb.org/28505http://www.osvdb.org/28506http://www.osvdb.org/28507http://www.osvdb.org/28508http://www.osvdb.org/28509http://www.osvdb.org/28510http://www.osvdb.org/28511http://www.osvdb.org/28512http://www.osvdb.org/28513http://www.osvdb.org/28514http://www.osvdb.org/28515http://www.osvdb.org/28516http://www.osvdb.org/28517http://www.osvdb.org/28519http://www.osvdb.org/28520http://www.osvdb.org/28521http://www.osvdb.org/28522http://www.osvdb.org/28523http://www.osvdb.org/28524http://www.osvdb.org/28525http://www.osvdb.org/28526http://www.osvdb.org/28527http://www.osvdb.org/28528http://www.osvdb.org/28529http://www.osvdb.org/28530http://www.securityfocus.com/bid/21182http://www.vupen.com/english/advisories/2006/3346https://exchange.xforce.ibmcloud.com/vulnerabilities/28363
2006-08-17
Published