CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4277

HIGH
7.5
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile6.51th
PublishedAug 21, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Tutti Nova

Tutti Nova

<= 1.6

References & Advisories

πŸ”— http://secunia.com/advisories/21572
πŸ”— http://www.osvdb.org/28029
πŸ”— http://www.osvdb.org/28030
πŸ”— http://www.securityfocus.com/bid/19612
πŸ”— http://www.vupen.com/english/advisories/2006/3335
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/28471
πŸ”— http://secunia.com/advisories/21572
πŸ”— http://www.osvdb.org/28029

Related Vulnerabilities

CVE-2004-245310.0

Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and a...

CVE-2006-42767.5

PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a ...

CVE-2006-075110.0

Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Or...

CVE-2006-086410.0

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain admini...