CVE-2006-5458
Published 2006-10-23
Priority: P344 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.13% (86.2th percentile)
PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hinton_design | phpht_topsites | <= 1.0 | — |
| hinton_design | phpht_topsites | — | — |
GHSA
GHSA-f2h2-5r4f-v93c (CVE-2006-5458) [HIGH]
ghsa_unreviewed · 2022-05-01
PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.
GHSA
GHSA-7979-m9mc-33w2 (CVE-2006-5460) [HIGH]
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458.
References
http://secunia.com/advisories/22404
http://www.securityfocus.com/bid/20491
http://www.vupen.com/english/advisories/2006/4023
https://exchange.xforce.ibmcloud.com/vulnerabilities/29492
https://www.exploit-db.com/exploits/2526
Published: 2006-10-23