CVE-2006-1767
Summary
| CVE | CVE-2006-1767 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-04-13 10:02:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.096770000 probability, percentile 0.929380000 (date 2026-04-22)
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.osvdb.org/24596 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28417 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28426 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| SecurityTracker.com Archives - Indexu Include File Bug in 'theme_path' and 'base_path' Parameters Permits Remote Code Execution | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | Exploit |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| www.osvdb.org/28415 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28413 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28422 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28419 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| SecurityTracker.com Archives - Indexu Include File Bug in Administrative Scripts in 'theme_path' and 'base_path' Parameters Lets Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| www.osvdb.org/28412 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| Indexu Multiple Remote File Include Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit |
| www.osvdb.org/28410 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28406 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamai... | af854a3a-2127-422b-91ae-364da2661108 | ftp.kep.online.fr | |
| www.osvdb.org/28425 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28409 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/24597 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28427 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.osvdb.org/28416 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.