Описание
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-4055
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28107
- https://www.exploit-db.com/exploits/2116
- http://secunia.com/advisories/21291
- http://securityreason.com/securityalert/1354
- http://sourceforge.net/forum/forum.php?forum_id=597790
- http://sourceforge.net/forum/forum.php?thread_id=1546639&forum_id=369628
- http://www.securityfocus.com/archive/1/442098/100/0/threaded
- http://www.securityfocus.com/bid/19326
EPSS
CVE ID
Связанные уязвимости
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
EPSS