PHP Remote File Inclusion Vulnerabilities in ISPConfig by ISPConfig
CVE-2006-3042

Currently unrated

Key Information:

Vendor

Ispconfig

Status
Ispconfig
Vendor
CVE Published:
15 June 2006

What is CVE-2006-3042?

Multiple vulnerabilities in ISPConfig 2.2.3 allow remote attackers to include arbitrary PHP files through manipulation of specific parameters in configuration scripts. Specifically, vulnerabilities in 'server.inc.php', 'app.inc.php', 'login.php', and 'trylogin.php' can facilitate remote code execution. The vendor contests these claims, arguing that the exposed scenarios do not reflect a standard installation. However, the implications of such vulnerabilities underscore the potential risks associated with improper handling of URL inputs in web applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.osvdb.org/27474
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/archive/1/437415/100/100/thr...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/18441
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.