Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Turnkey Web Tools | Php Live Helper | 1.8 |
References
- http://secunia.com/advisories/19428ExploitVendor Advisory
- http://www.osvdb.org/24193
- http://www.osvdb.org/24194
- http://www.osvdb.org/24195
- http://www.osvdb.org/24196
- http://www.osvdb.org/24197
- http://www.osvdb.org/24198
- http://www.osvdb.org/24199
- http://www.securityfocus.com/archive/1/428976/100/0/threaded
- http://www.securityfocus.com/archive/1/437648/100/0/threaded
- http://www.securityfocus.com/archive/1/437741/100/0/threaded
- http://www.securityfocus.com/bid/18509
- http://www.turnkeywebtools.com/forum/showthread.php?p=10415Patch
- http://www.vupen.com/english/advisories/2006/1137
- http://www.worlddefacers.de/Public/WD-TMPLH.txtExploit
FAQ
What is CVE-2006-1477?
CVE-2006-1477 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate....
How severe is CVE-2006-1477?
CVE-2006-1477 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1477?
Check the references section above for vendor advisories and patch information. Affected products include: Turnkey Web Tools Php Live Helper.