PHP Remote File Inclusion Vulnerabilities in WAHM E-Commerce Pie Cart Pro
CVE-2006-4969

Currently unrated

Key Information:

Vendor
CVE Published: 25 September 2006

Badges

Exploit Exists | Public PoC | EPSS 11%

What is CVE-2006-4969?

WAHM E-Commerce Pie Cart Pro contains multiple PHP remote file inclusion vulnerabilities. Remote attackers can include arbitrary PHP files by placing manipulated URLs in various parameters, which results in execution of arbitrary PHP code on the server and compromises the integrity and security of the application. Critical affected files include affiliates.php, orders.php, events.php, index.php, articles.php, faqs.php, guestbook.php, catalog.php, wholesale.php, weblinks.php, certificates.php, sitesearch.php, contact.php, sitemap.php, search.php, registry.php, and error.php. Addressing these vulnerabilities is essential to prevent unauthorized access and safeguard sensitive data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved