PHP Remote File Inclusion Vulnerabilities in Harpia CMS by Harpia
CVE-2006-7024

Currently unrated

Key Information:

Vendor: Harpia
Status: Harpia Cms
Vendor: CVE Published:; 15 February 2007

What is CVE-2006-7024?

Harpia CMS versions 1.0.5 and earlier are susceptible to multiple PHP remote file inclusion vulnerabilities. These vulnerabilities can be exploited by remote attackers to execute arbitrary PHP code. Attackers can manipulate parameters like 'func_prog', 'header_prog', 'theme_root', 'mod_root', 'mod_dir', and 'php_ext' in various scripts such as preload.php, index.php, missing.php, email.php, and several others. Successful exploitation of these flaws can lead to serious security breaches, compromising the integrity of the web application.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27308

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/1943

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/18614

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2007
Vulnerability Reserved
Feb 14, 2007