CVE-2006-7017 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php (2) app_change_pwd.php (3) app_mod_rewrite.php (4) app_page_caching.php (5) app_setup.php (6) cat_add.php (7) cat_delete.php (8) cat_edit.php (9) cat_path_update.php (10) cat_search.php (11) cat_struc.php (12) cat_view.php (13) cat_view_hidden.php (14) cat_view_hierarchy.php (15) cat_view_registered_only.php (16) checkurl_web.php (17) db_alter.php (18) db_alter_change.php (19) db_backup.php (20) db_export.php (21) db_import.php (22) editor_add.php (23) editor_delete.php (24) editor_validate.php (25) head.php (26) index.php (27) inv_config.php (28) inv_config_payment.php (29) inv_create.php (30) inv_delete.php (31) inv_edit.php (32) inv_markpaid.php (33) inv_markunpaid.php (34) inv_overdue.php (35) inv_paid.php (36) inv_send.php (37) inv_unpaid.php (38) lang_modify.php (39) link_add.php (40) link_bad.php (41) link_bad_delete.php (42) link_checkurl.php (43) link_delete.php (44) link_duplicate.php (45) link_edit.php (46) link_premium_listing.php (47) link_premium_sponsored.php (48) link_search.php (49) link_sponsored_listing.php (50) link_validate.php (51) link_validate_edit.php (52) link_view.php (53) log_search.php (54) mail_modify.php (55) menu.php (56) message_create.php (57) message_delete.php (58) message_edit.php (59) message_send.php (60) message_subscriber.php (61) message_view.php (62) review_validate.php (63) review_validate_edit.php (64) summary.php (65) template_active.php (66) template_add_custom.php (67) template_delete.php (68) template_delete_file.php (69) template_duplicate.php (70) template_export.php (71) template_import.php (72) template_manager.php (73) template_modify.php (74) template_modify_file.php (75) template_rename.php (76) user_add.php (77) user_delete.php (78) user_edit.php (79) user_search.php and (80) whos.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html
http://secunia.com/advisories/18752
http://securityreason.com/securityalert/2252
http://www.securitytracker.com/id?1016330
https://exchange.xforce.ibmcloud.com/vulnerabilities/27262
