7.5

CVE-2006-1688

Exploit
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis.  NOTE: this only occurs when register_globals is disabled.
Data provided by the National Vulnerability Database (NVD)
Squery Squery Version <= 4.5
No advisory was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 7.42% 0.937
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://secunia.com/advisories/19482
Vendor Advisory
http://www.securityfocus.com/bid/17434
Exploit
http://liz0zim.no-ip.org/alp.txt
Exploit
http://secunia.com/advisories/19588
Vendor Advisory
http://securityreason.com/securityalert/679
http://securitytracker.com/id?1015884
Exploit
http://www.blogcu.com/Liz0ziM/431845/
Exploit
URL Repurposed
http://www.osvdb.org/24401
http://www.osvdb.org/24402
http://www.osvdb.org/24403
http://www.osvdb.org/24404
http://www.osvdb.org/24405
http://www.osvdb.org/24406
http://www.osvdb.org/24407
Exploit
http://www.osvdb.org/24408
http://www.osvdb.org/24409
http://www.osvdb.org/24410
http://www.osvdb.org/24411
http://www.osvdb.org/24412
http://www.osvdb.org/24413
http://www.osvdb.org/24414
http://www.osvdb.org/24415
http://www.osvdb.org/24416
http://www.osvdb.org/24417
http://www.osvdb.org/24418
http://www.osvdb.org/24419
http://www.osvdb.org/24420
http://www.osvdb.org/24421
http://www.osvdb.org/24422
http://www.osvdb.org/24423
http://www.osvdb.org/24424
http://www.osvdb.org/24425
http://www.osvdb.org/24426
http://www.osvdb.org/24427
http://www.osvdb.org/24428
http://www.osvdb.org/24429
http://www.securityfocus.com/archive/1/430289/100/0/threaded
http://www.securityfocus.com/archive/1/439874/100/0/threaded
http://www.securityfocus.com/archive/1/441015/100/0/threaded
http://www.vupen.com/english/advisories/2006/1284
Vendor Advisory