Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-5220

Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.

Published

2006-10-10T04:06:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	objective_development	webyep	1.1.9	Yes

References

http://advisories.echo.or.id/adv/adv48-theday-2006.txt Vendor Advisory ([email protected])
http://secunia.com/advisories/22336 Vendor Advisory ([email protected])
http://securityreason.com/securityalert/1702 ([email protected])
http://securitytracker.com/id?1017023 ([email protected])
http://www.obdev.at/products/webyep/release-notes.html ([email protected])
http://www.osvdb.org/29643 ([email protected])
http://www.osvdb.org/29644 ([email protected])
http://www.osvdb.org/29645 ([email protected])
http://www.osvdb.org/29646 ([email protected])
http://www.osvdb.org/29647 ([email protected])
http://www.osvdb.org/29648 ([email protected])
http://www.osvdb.org/29649 ([email protected])
http://www.osvdb.org/29650 ([email protected])
http://www.osvdb.org/29651 ([email protected])
http://www.osvdb.org/29652 ([email protected])
http://www.osvdb.org/29653 ([email protected])
http://www.osvdb.org/29654 ([email protected])
http://www.osvdb.org/29655 ([email protected])
http://www.osvdb.org/29656 ([email protected])
http://www.osvdb.org/29657 ([email protected])
http://www.osvdb.org/29658 ([email protected])
http://www.osvdb.org/29659 ([email protected])
http://www.osvdb.org/29660 ([email protected])
http://www.osvdb.org/29661 ([email protected])
http://www.osvdb.org/29662 ([email protected])
http://www.osvdb.org/29663 ([email protected])
http://www.securityfocus.com/archive/1/448009/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/20406 Exploit ([email protected])
http://www.vupen.com/english/advisories/2006/3972 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/29397 ([email protected])
https://www.exploit-db.com/exploits/2496 ([email protected])
http://advisories.echo.or.id/adv/adv48-theday-2006.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22336 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/1702 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017023 (af854a3a-2127-422b-91ae-364da2661108)
http://www.obdev.at/products/webyep/release-notes.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29643 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29644 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29645 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29646 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29647 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29648 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29649 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29650 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29651 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29652 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29653 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29654 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29655 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29656 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29657 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29658 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29659 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29660 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29661 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29662 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29663 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/448009/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/20406 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3972 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29397 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/2496 (af854a3a-2127-422b-91ae-364da2661108)