CVE-2006-0940

ShoutLIVE 1.1.0 - Code Injection

Title source: llm

Description

Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/1590

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24897

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23482

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/426985/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16857

[Vendor Advisory] http://secunia.com/advisories/19047

[Third Party Advisory] http://securityreason.com/securityalert/557

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0755

[Vendor Advisory] http://evuln.com/vulns/87/summary.html

Scores

EPSS 0.1270

EPSS Percentile 94.0%

Details

Status published

Products (1)

cynical_games/shoutlive 1.1.0

Published Mar 01, 2006

Tracked Since Feb 18, 2026