A vulnerability was found in OTSCMS 1.3.0/1.3.3/1.3.4/1.4.1 and classified as critical. This issue affects an unknown code. The manipulation of the argument GLOBALS[config][otscms][directories][classes] with an unknown input leads to a file inclusion vulnerability. Using CWE to declare the problem leads to CWE-73. The product allows user input to control or influence paths or file names that are used in filesystem operations. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] parameter.

The weakness was released 10/26/2006 (Website). The advisory is shared at milw0rm.com. The identification of this vulnerability is CVE-2006-5546 since 10/26/2006. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known.

A public exploit has been developed by GregStar and been published before and not just after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 3 days. During that time the estimated underground price was around $0-$5k.

The vulnerability is also documented in the databases at X-Force (29719) and Exploit-DB (2622). Entries connected to this vulnerability are available at 32983 and 32982.

Productinfo

Name

• OTSCMS

Version

• 1.3.0
• 1.3.3
• 1.3.4
• 1.4.1

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion