CVE-2006-5062
published 2006-09-28CVE-2006-5062: PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.68%
84.0th percentile
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pblang | pblang | <= 4.60 | — |
| pblang | pblang | <= 4.66z | — |
| pblang | pblang | — | — |
| pblang | pblang | — | — |
| pblang | pblang | — | — |
| pblang | pblang | — | — |
| pblang | pblang | — | — |
| pblang | pblang | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-34p9-8chp-pp4w: PHP remote file inclusion vulnerability in templates/pb/language/lang_nl
ghsa_unreviewed·2022-05-01
CVE-2006-5062 [HIGH] GHSA-34p9-8chp-pp4w: PHP remote file inclusion vulnerability in templates/pb/language/lang_nl
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.
GHSA
GHSA-58pq-gm76-v728: ** DISPUTED ** PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-1052 [HIGH] GHSA-58pq-gm76-v728: ** DISPUTED ** PHP remote file inclusion vulnerability in index
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/22121http://www.securityfocus.com/bid/20184http://www.vupen.com/english/advisories/2006/3772https://exchange.xforce.ibmcloud.com/vulnerabilities/29139https://www.exploit-db.com/exploits/2428http://secunia.com/advisories/22121http://www.securityfocus.com/bid/20184http://www.vupen.com/english/advisories/2006/3772https://exchange.xforce.ibmcloud.com/vulnerabilities/29139https://www.exploit-db.com/exploits/2428
2006-09-28
Published