CVE-2006-1819

N/A Unknown
Published: April 18, 2006 Modified: April 16, 2026
View on NVD

Description

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc
Source: cve@mitre.org
http://secunia.com/advisories/19647
Source: cve@mitre.org
http://secunia.com/advisories/19914
Source: cve@mitre.org
http://securitytracker.com/id?1015942
Source: cve@mitre.org
http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml
Source: cve@mitre.org
http://www.securityfocus.com/bid/17521
Source: cve@mitre.org
Exploit
http://www.vupen.com/english/advisories/2006/1361
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/25867
Source: cve@mitre.org
https://www.exploit-db.com/exploits/1673
Source: cve@mitre.org
http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/19647
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/19914
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1015942
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/17521
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.vupen.com/english/advisories/2006/1361
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/25867
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/1673
Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.5%
81th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

phpwebsite