Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by sangwan_kim
CVE-2006-7025 (GCVE-0-2006-7025)
Vulnerability from nvd – Published: 2007-02-23 01:00 – Updated: 2024-08-07 20:50
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1456 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/24795 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19758 | third-party-advisoryx_refsource_SECUNIA |
| http://www.attrition.org/pipermail/vim/2007-Febru… | mailing-listx_refsource_VIM |
| http://marc.info/?l=full-disclosure&m=11455516391… | mailing-listx_refsource_FULLDISC |
Date Public
2006-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1456"
},
{
"name": "24795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24795"
},
{
"name": "bookmark4u-config-sql-injection(25956)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114555163911635\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1456"
},
{
"name": "24795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24795"
},
{
"name": "bookmark4u-config-sql-injection(25956)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114555163911635\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1456"
},
{
"name": "24795",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24795"
},
{
"name": "bookmark4u-config-sql-injection(25956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=114555163911635\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7025",
"datePublished": "2007-02-23T01:00:00.000Z",
"dateReserved": "2007-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:05.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0499 (GCVE-0-2007-0499)
Vulnerability from nvd – Published: 2007-01-25 21:00 – Updated: 2024-08-07 12:19
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3164 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/23992 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/22161 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/0267 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/33014 | vdb-entryx_refsource_OSVDB |
Date Public
2007-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3164",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3164"
},
{
"name": "23992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23992"
},
{
"name": "22161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22161"
},
{
"name": "ADV-2007-0267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0267"
},
{
"name": "33014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3164",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3164"
},
{
"name": "23992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23992"
},
{
"name": "22161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22161"
},
{
"name": "ADV-2007-0267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0267"
},
{
"name": "33014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3164",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3164"
},
{
"name": "23992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23992"
},
{
"name": "22161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22161"
},
{
"name": "ADV-2007-0267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0267"
},
{
"name": "33014",
"refsource": "OSVDB",
"url": "http://osvdb.org/33014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0499",
"datePublished": "2007-01-25T21:00:00.000Z",
"dateReserved": "2007-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2877 (GCVE-0-2006-2877)
Vulnerability from nvd – Published: 2006-06-07 00:00 – Updated: 2024-08-07 18:06
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/26601 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/26600 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/436027/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19758 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/26602 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/26599 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/1058 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435964/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/18281 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1016224 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26601"
},
{
"name": "26600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26600"
},
{
"name": "20060605 Re: Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436027/100/0/threaded"
},
{
"name": "bookmark4u-includeprefix-file-include(26933)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26933"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "26602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26602"
},
{
"name": "26599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26599"
},
{
"name": "1058",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1058"
},
{
"name": "20060604 Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435964/100/0/threaded"
},
{
"name": "18281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18281"
},
{
"name": "1016224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26601"
},
{
"name": "26600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26600"
},
{
"name": "20060605 Re: Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436027/100/0/threaded"
},
{
"name": "bookmark4u-includeprefix-file-include(26933)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26933"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "26602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26602"
},
{
"name": "26599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26599"
},
{
"name": "1058",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1058"
},
{
"name": "20060604 Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435964/100/0/threaded"
},
{
"name": "18281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18281"
},
{
"name": "1016224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26601"
},
{
"name": "26600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26600"
},
{
"name": "20060605 Re: Bookmark4U Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436027/100/0/threaded"
},
{
"name": "bookmark4u-includeprefix-file-include(26933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26933"
},
{
"name": "19758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19758"
},
{
"name": "26602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26602"
},
{
"name": "26599",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26599"
},
{
"name": "1058",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1058"
},
{
"name": "20060604 Bookmark4U Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435964/100/0/threaded"
},
{
"name": "18281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18281"
},
{
"name": "1016224",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2877",
"datePublished": "2006-06-07T00:00:00.000Z",
"dateReserved": "2006-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:27.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1253 (GCVE-0-2003-1253)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-08 02:19
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/11009.php | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-01-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bookmark4u-file-include(11009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-28T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bookmark4u-file-include(11009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bookmark4u-file-include(11009)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1253",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:19:46.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7025 (GCVE-0-2006-7025)
Vulnerability from cvelistv5 – Published: 2007-02-23 01:00 – Updated: 2024-08-07 20:50
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1456 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/24795 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19758 | third-party-advisoryx_refsource_SECUNIA |
| http://www.attrition.org/pipermail/vim/2007-Febru… | mailing-listx_refsource_VIM |
| http://marc.info/?l=full-disclosure&m=11455516391… | mailing-listx_refsource_FULLDISC |
Date Public
2006-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1456"
},
{
"name": "24795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24795"
},
{
"name": "bookmark4u-config-sql-injection(25956)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114555163911635\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1456"
},
{
"name": "24795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24795"
},
{
"name": "bookmark4u-config-sql-injection(25956)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114555163911635\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1456"
},
{
"name": "24795",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24795"
},
{
"name": "bookmark4u-config-sql-injection(25956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=114555163911635\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7025",
"datePublished": "2007-02-23T01:00:00.000Z",
"dateReserved": "2007-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:05.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0499 (GCVE-0-2007-0499)
Vulnerability from cvelistv5 – Published: 2007-01-25 21:00 – Updated: 2024-08-07 12:19
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3164 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/23992 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/22161 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/0267 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/33014 | vdb-entryx_refsource_OSVDB |
Date Public
2007-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3164",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3164"
},
{
"name": "23992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23992"
},
{
"name": "22161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22161"
},
{
"name": "ADV-2007-0267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0267"
},
{
"name": "33014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3164",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3164"
},
{
"name": "23992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23992"
},
{
"name": "22161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22161"
},
{
"name": "ADV-2007-0267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0267"
},
{
"name": "33014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3164",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3164"
},
{
"name": "23992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23992"
},
{
"name": "22161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22161"
},
{
"name": "ADV-2007-0267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0267"
},
{
"name": "33014",
"refsource": "OSVDB",
"url": "http://osvdb.org/33014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0499",
"datePublished": "2007-01-25T21:00:00.000Z",
"dateReserved": "2007-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2877 (GCVE-0-2006-2877)
Vulnerability from cvelistv5 – Published: 2006-06-07 00:00 – Updated: 2024-08-07 18:06
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/26601 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/26600 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/436027/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19758 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/26602 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/26599 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/1058 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435964/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/18281 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1016224 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26601"
},
{
"name": "26600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26600"
},
{
"name": "20060605 Re: Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436027/100/0/threaded"
},
{
"name": "bookmark4u-includeprefix-file-include(26933)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26933"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "26602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26602"
},
{
"name": "26599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26599"
},
{
"name": "1058",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1058"
},
{
"name": "20060604 Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435964/100/0/threaded"
},
{
"name": "18281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18281"
},
{
"name": "1016224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26601"
},
{
"name": "26600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26600"
},
{
"name": "20060605 Re: Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436027/100/0/threaded"
},
{
"name": "bookmark4u-includeprefix-file-include(26933)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26933"
},
{
"name": "19758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19758"
},
{
"name": "26602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26602"
},
{
"name": "26599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26599"
},
{
"name": "1058",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1058"
},
{
"name": "20060604 Bookmark4U Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435964/100/0/threaded"
},
{
"name": "18281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18281"
},
{
"name": "1016224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26601"
},
{
"name": "26600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26600"
},
{
"name": "20060605 Re: Bookmark4U Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436027/100/0/threaded"
},
{
"name": "bookmark4u-includeprefix-file-include(26933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26933"
},
{
"name": "19758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19758"
},
{
"name": "26602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26602"
},
{
"name": "26599",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26599"
},
{
"name": "1058",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1058"
},
{
"name": "20060604 Bookmark4U Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435964/100/0/threaded"
},
{
"name": "18281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18281"
},
{
"name": "1016224",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2877",
"datePublished": "2006-06-07T00:00:00.000Z",
"dateReserved": "2006-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:27.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1253 (GCVE-0-2003-1253)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-08 02:19
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/11009.php | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-01-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bookmark4u-file-include(11009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-28T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bookmark4u-file-include(11009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bookmark4u-file-include(11009)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11009.php"
},
{
"name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1253",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:19:46.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}