CVE-2006-2686
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
31/05/2006
Last modified:
03/04/2025
Description
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:actionapps:actionapps:2.8.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/20299
- http://www.osvdb.org/27253
- http://www.osvdb.org/27254
- http://www.osvdb.org/27256
- http://www.osvdb.org/27257
- http://www.osvdb.org/27258
- http://www.osvdb.org/27259
- http://www.osvdb.org/27260
- http://www.osvdb.org/27261
- http://www.osvdb.org/27262
- http://www.osvdb.org/27263
- http://www.osvdb.org/27264
- http://www.osvdb.org/27265
- http://www.osvdb.org/27266
- http://www.osvdb.org/27267
- http://www.osvdb.org/27268
- http://www.osvdb.org/27269
- http://www.osvdb.org/27270
- http://www.osvdb.org/27271
- http://www.osvdb.org/27272
- http://www.osvdb.org/27273
- http://www.osvdb.org/27274
- http://www.osvdb.org/27275
- http://www.osvdb.org/27276
- http://www.osvdb.org/27277
- http://www.osvdb.org/27278
- http://www.osvdb.org/27279
- http://www.osvdb.org/27280
- http://www.osvdb.org/27281
- http://www.osvdb.org/27282
- http://www.osvdb.org/27283
- http://www.osvdb.org/27284
- http://www.osvdb.org/27285
- http://www.osvdb.org/27286
- http://www.osvdb.org/27287
- http://www.osvdb.org/27288
- http://www.osvdb.org/27289
- http://www.osvdb.org/27290
- http://www.osvdb.org/27291
- http://www.osvdb.org/27292
- http://www.osvdb.org/27293
- http://www.osvdb.org/27294
- http://www.osvdb.org/27295
- http://www.osvdb.org/27296
- http://www.osvdb.org/27297
- http://www.osvdb.org/27298
- http://www.osvdb.org/27299
- http://www.osvdb.org/27300
- http://www.osvdb.org/27301
- http://www.osvdb.org/27302
- http://www.osvdb.org/27303
- http://www.osvdb.org/27304
- http://www.osvdb.org/27305
- http://www.osvdb.org/27306
- http://www.osvdb.org/27308
- http://www.osvdb.org/27309
- http://www.osvdb.org/27310
- http://www.securityfocus.com/bid/19133
- http://www.vupen.com/english/advisories/2006/1997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26776
- https://www.exploit-db.com/exploits/1829
- http://secunia.com/advisories/20299
- http://www.osvdb.org/27253
- http://www.osvdb.org/27254
- http://www.osvdb.org/27256
- http://www.osvdb.org/27257
- http://www.osvdb.org/27258
- http://www.osvdb.org/27259
- http://www.osvdb.org/27260
- http://www.osvdb.org/27261
- http://www.osvdb.org/27262
- http://www.osvdb.org/27263
- http://www.osvdb.org/27264
- http://www.osvdb.org/27265
- http://www.osvdb.org/27266
- http://www.osvdb.org/27267
- http://www.osvdb.org/27268
- http://www.osvdb.org/27269
- http://www.osvdb.org/27270
- http://www.osvdb.org/27271
- http://www.osvdb.org/27272
- http://www.osvdb.org/27273
- http://www.osvdb.org/27274
- http://www.osvdb.org/27275
- http://www.osvdb.org/27276
- http://www.osvdb.org/27277
- http://www.osvdb.org/27278
- http://www.osvdb.org/27279
- http://www.osvdb.org/27280
- http://www.osvdb.org/27281
- http://www.osvdb.org/27282
- http://www.osvdb.org/27283
- http://www.osvdb.org/27284
- http://www.osvdb.org/27285
- http://www.osvdb.org/27286
- http://www.osvdb.org/27287
- http://www.osvdb.org/27288
- http://www.osvdb.org/27289
- http://www.osvdb.org/27290
- http://www.osvdb.org/27291
- http://www.osvdb.org/27292
- http://www.osvdb.org/27293
- http://www.osvdb.org/27294
- http://www.osvdb.org/27295
- http://www.osvdb.org/27296
- http://www.osvdb.org/27297
- http://www.osvdb.org/27298
- http://www.osvdb.org/27299
- http://www.osvdb.org/27300
- http://www.osvdb.org/27301
- http://www.osvdb.org/27302
- http://www.osvdb.org/27303
- http://www.osvdb.org/27304
- http://www.osvdb.org/27305
- http://www.osvdb.org/27306
- http://www.osvdb.org/27308
- http://www.osvdb.org/27309
- http://www.osvdb.org/27310
- http://www.securityfocus.com/bid/19133
- http://www.vupen.com/english/advisories/2006/1997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26776
- https://www.exploit-db.com/exploits/1829