CVE-2006-4196
published 2006-08-17CVE-2006-4196: PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL…
PriorityP349high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
9.37%
94.8th percentile
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webinsta | cms | <= 0.3.1 | — |
| webinsta | webinsta_cms | <= 0.3.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8x9p-r75p-fx73: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2006-4196 [HIGH] GHSA-8x9p-r75p-fx73: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
GHSA
GHSA-x234-q7v9-7242: PHP remote file inclusion vulnerability in modules/usersonline/users
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4217 [HIGH] GHSA-x234-q7v9-7242: PHP remote file inclusion vulnerability in modules/usersonline/users
PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
No detection rules found.
No writeups or analysis indexed.
http://advisories.echo.or.id/adv/adv45-K-159-2006.txthttp://my.opera.com/atomo64/blog/show.dml/443167http://secunia.com/advisories/21463http://securityreason.com/securityalert/1400http://www.securityfocus.com/archive/1/443154/100/0/threadedhttp://www.securityfocus.com/archive/1/445083/100/0/threadedhttp://www.securityfocus.com/bid/19489http://www.vupen.com/english/advisories/2006/3276https://exchange.xforce.ibmcloud.com/vulnerabilities/28371https://www.exploit-db.com/exploits/2175http://advisories.echo.or.id/adv/adv45-K-159-2006.txthttp://my.opera.com/atomo64/blog/show.dml/443167http://secunia.com/advisories/21463http://securityreason.com/securityalert/1400http://www.securityfocus.com/archive/1/443154/100/0/threadedhttp://www.securityfocus.com/archive/1/445083/100/0/threadedhttp://www.securityfocus.com/bid/19489http://www.vupen.com/english/advisories/2006/3276https://exchange.xforce.ibmcloud.com/vulnerabilities/28371https://www.exploit-db.com/exploits/2175
2006-08-17
Published