cbcvebase.
CVE-2006-4621
published 2006-09-07

CVE-2006-4621: PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in…

PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.26%
66.0th percentile
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531.

Affected

2 ranges
VendorProductVersion rangeFixed in
bare_concept_mediapheap_cms<= 1.2
bare_concept_mediapheap_cms
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.