CVE-2006-4733 in sipsinfo

Summary

PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product s documentation recommends placing the affected file outside of the web root, so the scope of issue is limited to admins who do not, or cannot, follow this recommendation.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

09/13/2006

Disclosure

09/13/2006

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-73

Exploit

Download

CVSS

7.3

EPSS

0.11460

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2006-4733
NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4733
CVE Details	https://www.cvedetails.com/cve/CVE-2006-4733/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!