CVE-2006-4055

TSEP <0.942 - RCE

Title source: llm

Description

Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.

Exploits (2)

exploitdb WORKING POC VERIFIED

by beford · textwebappsphp

https://www.exploit-db.com/exploits/2116

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/2098

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/21291

[Product] http://sourceforge.net/forum/forum.php?forum_id=597790

[Exploit] http://www.securityfocus.com/bid/19326

[Product] http://sourceforge.net/forum/forum.php?thread_id=1546639&forum_id=369628

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/442098/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2116

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28107

[Third Party Advisory] http://securityreason.com/securityalert/1354

Scores

EPSS 0.2373

EPSS Percentile 96.0%

Details

Status published

Products (1)

tsep/tsep < 0.942

Published Aug 10, 2006

Tracked Since Feb 18, 2026