NVD

Id
60393  
Name
CVE-2006-1688  
Description
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2006-04-10  
Modified Date
2011-09-08  
Seq
2006-1688  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
311030 60393 CVE-2006-1688 http://liz0zim.no-ip.org/alp.txt  View
311031 60393 CVE-2006-1688 679  View
311032 60393 CVE-2006-1688 1015884  View
311033 60393 CVE-2006-1688 http://www.blogcu.com/Liz0ziM/431845/  View
311034 60393 CVE-2006-1688 20060408 Autonomous LAN party File iNclusion  View
311035 60393 CVE-2006-1688 20060710 SQuery <= 4.5(libpath) Remote File Inclusion Exploit  View
311036 60393 CVE-2006-1688 20060724 SQuery v.x (devi.php) (armygame.php) Remote File Inclusion  View
311037 60393 CVE-2006-1688 17434  View
311038 60393 CVE-2006-1688 ADV-2006-1284  View

Related JVN