CVE-2006-3957

BosDev BosDates - Remote File Inclusion Code Execution

Title source: manual
STIX 2.1

Description

PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by [email protected] · textwebappsphp
https://www.exploit-db.com/exploits/28289

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19191
Exploit, URL Repurposed x_refsource_misc
http://www.jaascois.com/exploits/18602020
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016585

Scores

EPSS 0.0207
EPSS Percentile 84.1%

Details

Status published
Products (4)
bosdev/bosdates 3.0
bosdev/bosdates 3.1
bosdev/bosdates 3.2
bosdev/bosdates 4.0
Published Aug 01, 2006
Tracked Since Feb 18, 2026