CVE-2006-1478

Published: Mar 29, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.

Affected (1)

Products: Turnkey Web Tools: Php Live Helper

Turnkey Web Tools

1 product

Php Live Helper

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Turnkey Web Tools Php Live Helper	Version 1.8

References (12)

http://secunia.com/advisories/19428

Source: cve@mitre.org

http://securityreason.com/securityalert/641

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/428976/100/0/threaded

Source: cve@mitre.org

http://www.turnkeywebtools.com/forum/showthread.php?p=10415

Source: cve@mitre.org

Patch

http://www.worlddefacers.de/Public/WD-TMPLH.txt

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/25489

Source: cve@mitre.org

http://secunia.com/advisories/19428

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/641

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/428976/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.turnkeywebtools.com/forum/showthread.php?p=10415

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.worlddefacers.de/Public/WD-TMPLH.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/25489

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.