A vulnerability was found in PHPAdventure 1.1 Alpha and classified as critical. This issue affects an unknown function of the file ad_main.php. The manipulation of the argument _mygamefile with an unknown input leads to a file inclusion vulnerability. Using CWE to declare the problem leads to CWE-73. The product allows user input to control or influence paths or file names that are used in filesystem operations. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.

The weakness was published 11/09/2006 (Website). It is possible to read the advisory at milw0rm.com. The identification of this vulnerability is CVE-2006-5839 since 11/09/2006. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known.

A public exploit has been developed by HER0 and been published before and not just after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $0-$5k. By approaching the search of inurl:ad_main.php it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (30091) and Exploit-DB (2736).

Productinfo

Name

• PHPAdventure

Version

• 1.1 Alpha

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion