CVE-2006-0940

ShoutLIVE 1.1.0 - Code Injection

Title source: llm

Description

Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/1590

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://evuln.com/vulns/87/summary.html

[Vendor Advisory] http://secunia.com/advisories/19047

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24897

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/426985/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16857

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23482

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0755

[Third Party Advisory] http://securityreason.com/securityalert/557

Scores

EPSS 0.1270

EPSS Percentile 93.9%

Classification

Status draft

Affected Products (1)

cynical_games/shoutlive

Timeline

Published Mar 01, 2006

Tracked Since Feb 18, 2026