Vulnerability Description
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwebsite | Phpwebsite | <= 0.10.2 |
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc
- http://secunia.com/advisories/19647
- http://secunia.com/advisories/19914
- http://securitytracker.com/id?1015942
- http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml
- http://www.securityfocus.com/bid/17521Exploit
- http://www.vupen.com/english/advisories/2006/1361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25867
- https://www.exploit-db.com/exploits/1673
- http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc
- http://secunia.com/advisories/19647
- http://secunia.com/advisories/19914
- http://securitytracker.com/id?1015942
- http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml
- http://www.securityfocus.com/bid/17521Exploit
FAQ
What is CVE-2006-1819?
CVE-2006-1819 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via t...
How severe is CVE-2006-1819?
CVE-2006-1819 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1819?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwebsite Phpwebsite.