CVE-2006-3019

Published: Jun 15, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7.

Affected (1)

Products: Phpcms: Phpcms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpcms Phpcms	Version 1.2.1_p12

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (34)

http://secunia.com/advisories/20573

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/1106

Source: cve@mitre.org

http://www.osvdb.org/26388

Source: cve@mitre.org

http://www.osvdb.org/26389

Source: cve@mitre.org

http://www.osvdb.org/26390

Source: cve@mitre.org

http://www.osvdb.org/26391

Source: cve@mitre.org

http://www.osvdb.org/26392

Source: cve@mitre.org

http://www.osvdb.org/26393

Source: cve@mitre.org

http://www.osvdb.org/26394

Source: cve@mitre.org

http://www.osvdb.org/26395

Source: cve@mitre.org

http://www.osvdb.org/26396

Source: cve@mitre.org

http://www.osvdb.org/26397

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/436893/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455302/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21768

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2302

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27067

Source: cve@mitre.org

http://secunia.com/advisories/20573

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/1106

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26388

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26389

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26390

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26391

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26392

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26393

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26394

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26395

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26396

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26397

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/436893/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/455302/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21768

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/2302

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27067

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.