Back to search
CVE-2006-2877
Published: Jun 7, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26601
vdb-entry
x_refsource_OSVDB
26600
vdb-entry
x_refsource_OSVDB
20060605 Re: Bookmark4U Remote File Include
mailing-list
x_refsource_BUGTRAQ
bookmark4u-includeprefix-file-include(26933)
vdb-entry
x_refsource_XF
19758
third-party-advisory
x_refsource_SECUNIA
26602
vdb-entry
x_refsource_OSVDB
26599
vdb-entry
x_refsource_OSVDB
1058
third-party-advisory
x_refsource_SREASON
20060604 Bookmark4U Remote File Include
mailing-list
x_refsource_BUGTRAQ
18281
vdb-entry
x_refsource_BID
1016224
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now