CVE-2006-1819

Phpwebsite < 0.10.2 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1673

View Code ZIP pw:eip

References (9)

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml

[Exploit] http://www.securityfocus.com/bid/17521

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25867

[Third Party Advisory, VDB Entry] http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1673

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015942

[Third Party Advisory] http://secunia.com/advisories/19647

[Third Party Advisory] http://secunia.com/advisories/19914

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1361

Scores

EPSS 0.0152

EPSS Percentile 81.3%

Details

Status published

Products (1)

phpwebsite/phpwebsite < 0.10.2

Published Apr 18, 2006

Tracked Since Feb 18, 2026