CVE-2006-4287 - OpenCVE

Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nes System	Nes System
Nes Game	Nes Game

Configuration 1 [-]

OR	cpe:2.3:a:nes_game:nes_game:c108122:::::::*
	cpe:2.3:a:nes_system:nes_system:c108122:::::::*

References

Link	Resource
http://secunia.com/advisories/21593	Exploit Vendor Advisory
http://www.osvdb.org/28044
http://www.osvdb.org/28045
http://www.osvdb.org/28046
http://www.osvdb.org/28047
http://www.osvdb.org/28048
http://www.osvdb.org/28049
http://www.osvdb.org/28050
http://www.osvdb.org/28051
http://www.osvdb.org/28052
http://www.osvdb.org/28053
http://www.osvdb.org/28054
http://www.rahim.webd.pl/exploity/Exploits/61.html	Exploit
http://www.securityfocus.com/bid/19611	Exploit
http://www.vupen.com/english/advisories/2006/3339
https://exchange.xforce.ibmcloud.com/vulnerabilities/28486
https://www.exploit-db.com/exploits/2226

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-22T17:00:00

Updated: 2017-10-18T16:57:01

Reserved: 2006-08-22T00:00:00

Link: CVE-2006-4287

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-22T17:04:00.000

Modified: 2017-10-19T01:29:19.957

Link: CVE-2006-4287

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28045", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28045"}, {"name": "28044", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28044"}, {"name": "28054", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28054"}, {"name": "28049", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28049"}, {"name": "28053", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28053"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"name": "21593", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21593"}, {"name": "28052", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28052"}, {"name": "ADV-2006-3339", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"name": "nesgame-phphtmllib-file-include(28486)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"name": "28047", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28047"}, {"name": "28048", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28048"}, {"name": "28051", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28051"}, {"name": "28050", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28050"}, {"name": "2226", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2226"}, {"name": "19611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19611"}, {"name": "28046", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28046"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4287", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28045", "refsource": "OSVDB", "url": "http://www.osvdb.org/28045"}, {"name": "28044", "refsource": "OSVDB", "url": "http://www.osvdb.org/28044"}, {"name": "28054", "refsource": "OSVDB", "url": "http://www.osvdb.org/28054"}, {"name": "28049", "refsource": "OSVDB", "url": "http://www.osvdb.org/28049"}, {"name": "28053", "refsource": "OSVDB", "url": "http://www.osvdb.org/28053"}, {"name": "http://www.rahim.webd.pl/exploity/Exploits/61.html", "refsource": "MISC", "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"name": "21593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21593"}, {"name": "28052", "refsource": "OSVDB", "url": "http://www.osvdb.org/28052"}, {"name": "ADV-2006-3339", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"name": "nesgame-phphtmllib-file-include(28486)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"name": "28047", "refsource": "OSVDB", "url": "http://www.osvdb.org/28047"}, {"name": "28048", "refsource": "OSVDB", "url": "http://www.osvdb.org/28048"}, {"name": "28051", "refsource": "OSVDB", "url": "http://www.osvdb.org/28051"}, {"name": "28050", "refsource": "OSVDB", "url": "http://www.osvdb.org/28050"}, {"name": "2226", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2226"}, {"name": "19611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19611"}, {"name": "28046", "refsource": "OSVDB", "url": "http://www.osvdb.org/28046"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4287", "datePublished": "2006-08-22T17:00:00", "dateReserved": "2006-08-22T00:00:00", "dateUpdated": "2017-10-18T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nes_game:nes_game:c108122:*:*:*:*:*:*:*", "matchCriteriaId": "8F1E85D3-50B3-4468-A67D-083016E779F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nes_system:nes_system:c108122:*:*:*:*:*:*:*", "matchCriteriaId": "DFEA901D-3859-478E-8BD9-B5F3C2E79711", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en NES Game y NES System c108122 y anteriores permiten a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro (1) phphtmllib de (a) phphtmllib/includes.php; archivos de tag_utils/ que incluyen (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; y archivos de widgets/ que incluyen (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, y (k) TextNav.php."}], "id": "CVE-2006-4287", "lastModified": "2017-10-19T01:29:19.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-22T17:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21593"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28044"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28045"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28046"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28047"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28048"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28049"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28050"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28051"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28052"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28053"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28054"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19611"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2226"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}