CVE-2006-4075 - Docpile:WE Remote PHP File Inclusion - Mehmet Ince @mdisec - Vulnerability Researcher | Building security products | Security Advisor

Description

Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.

Vulnerability Information

Product / Framework: Wim_fleischhauer
Vendor Domain: sourceforge.net
Vulnerability Type: File Includion
CVE Details: View Full CVE Details →

CVE-2006-4075 – Docpile:WE Remote PHP File Inclusion

Description

Vulnerability Information

You may also enjoy…

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)

The Chessboard of Security: Insights on Product Development and Vulnerabilities from a Hacker Perspective

Digital Cosmos: A Journey Through the Galaxy of Vulnerabilities

CVE-2021-3825 | LiderAhenk 0day – All your PARDUS Clients Belongs To Me