Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Harpia | Harpia Cms | <= 1.0.5 |
References
- http://www.securityfocus.com/bid/18614Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27308
- https://www.exploit-db.com/exploits/1943
- http://www.securityfocus.com/bid/18614Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27308
- https://www.exploit-db.com/exploits/1943
FAQ
What is CVE-2006-7024?
CVE-2006-7024 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and ...
How severe is CVE-2006-7024?
CVE-2006-7024 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7024?
Check the references section above for vendor advisories and patch information. Affected products include: Harpia Harpia Cms.