CVEブラウザに戻る

CVE-2006-4026

HIGH

7.5

CVSS Severity Score

EPSS Score0.0510%

EPSS Percentile31.68th

Published2006年8月9日

Last Modified2026年4月16日

Vulnerability Description

PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.

Affected Platforms (CPE)

📦

Redgraphic

Sapid Cms

= 1.2.3

References & Advisories

🔗 http://secunia.com/advisories/21410

🔗 http://securityreason.com/securityalert/1346

🔗 http://securitytracker.com/id?1016650

🔗 http://www.securityfocus.com/archive/1/442425/100/0/threaded

🔗 http://www.securityfocus.com/bid/19383

🔗 http://www.vupen.com/english/advisories/2006/3191

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/28250

🔗 https://www.exploit-db.com/exploits/2128

関連する脆弱性情報

CVE-2005-400710.0

Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization ch...

CVE-2005-40067.5

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_...

CVE-2012-52937.5

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code ...

CVE-2007-50566.8

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made S...