CVE - CVE-2006-5020

CVE-ID
CVE-2006-5020	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:21934 URL:http://www.securityfocus.com/bid/21934 CONFIRM:http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1 EXPLOIT-DB:2413 URL:https://www.exploit-db.com/exploits/2413 OSVDB:31097 URL:~~http://www.osvdb.org/31097~~ (Obsolete source) OSVDB:31098 URL:~~http://www.osvdb.org/31098~~ (Obsolete source) OSVDB:31099 URL:~~http://www.osvdb.org/31099~~ (Obsolete source) OSVDB:31100 URL:~~http://www.osvdb.org/31100~~ (Obsolete source) OSVDB:31104 URL:~~http://www.osvdb.org/31104~~ (Obsolete source) OSVDB:31105 URL:~~http://www.osvdb.org/31105~~ (Obsolete source) OSVDB:31106 URL:~~http://www.osvdb.org/31106~~ (Obsolete source) OSVDB:31107 URL:~~http://www.osvdb.org/31107~~ (Obsolete source) OSVDB:31108 URL:~~http://www.osvdb.org/31108~~ (Obsolete source) OSVDB:31109 URL:~~http://www.osvdb.org/31109~~ (Obsolete source) OSVDB:31110 URL:~~http://www.osvdb.org/31110~~ (Obsolete source) OSVDB:31111 URL:~~http://www.osvdb.org/31111~~ (Obsolete source) OSVDB:31112 URL:~~http://www.osvdb.org/31112~~ (Obsolete source) OSVDB:31113 URL:~~http://www.osvdb.org/31113~~ (Obsolete source) OSVDB:31114 URL:~~http://www.osvdb.org/31114~~ (Obsolete source) OSVDB:31115 URL:~~http://www.osvdb.org/31115~~ (Obsolete source) OSVDB:31116 URL:~~http://www.osvdb.org/31116~~ (Obsolete source) OSVDB:31117 URL:~~http://www.osvdb.org/31117~~ (Obsolete source) OSVDB:31118 URL:~~http://www.osvdb.org/31118~~ (Obsolete source) OSVDB:31119 URL:~~http://www.osvdb.org/31119~~ (Obsolete source) OSVDB:31120 URL:~~http://www.osvdb.org/31120~~ (Obsolete source) OSVDB:31121 URL:~~http://www.osvdb.org/31121~~ (Obsolete source) OSVDB:31122 URL:~~http://www.osvdb.org/31122~~ (Obsolete source) OSVDB:31123 URL:~~http://www.osvdb.org/31123~~ (Obsolete source) OSVDB:31124 URL:~~http://www.osvdb.org/31124~~ (Obsolete source) OSVDB:31125 URL:~~http://www.osvdb.org/31125~~ (Obsolete source) OSVDB:31126 URL:~~http://www.osvdb.org/31126~~ (Obsolete source) OSVDB:31127 URL:~~http://www.osvdb.org/31127~~ (Obsolete source) OSVDB:31128 URL:~~http://www.osvdb.org/31128~~ (Obsolete source) OSVDB:31129 URL:~~http://www.osvdb.org/31129~~ (Obsolete source) OSVDB:31130 URL:~~http://www.osvdb.org/31130~~ (Obsolete source) OSVDB:31131 URL:~~http://www.osvdb.org/31131~~ (Obsolete source) OSVDB:31132 URL:~~http://www.osvdb.org/31132~~ (Obsolete source) OSVDB:31133 URL:~~http://www.osvdb.org/31133~~ (Obsolete source) OSVDB:31134 URL:~~http://www.osvdb.org/31134~~ (Obsolete source) OSVDB:31135 URL:~~http://www.osvdb.org/31135~~ (Obsolete source) OSVDB:31136 URL:~~http://www.osvdb.org/31136~~ (Obsolete source) OSVDB:31137 URL:~~http://www.osvdb.org/31137~~ (Obsolete source) OSVDB:31138 URL:~~http://www.osvdb.org/31138~~ (Obsolete source) OSVDB:31139 URL:~~http://www.osvdb.org/31139~~ (Obsolete source) OSVDB:31141 URL:~~http://www.osvdb.org/31141~~ (Obsolete source) OSVDB:31142 URL:~~http://www.osvdb.org/31142~~ (Obsolete source) OSVDB:31143 URL:~~http://www.osvdb.org/31143~~ (Obsolete source) OSVDB:31144 URL:~~http://www.osvdb.org/31144~~ (Obsolete source) OSVDB:31145 URL:~~http://www.osvdb.org/31145~~ (Obsolete source) OSVDB:31146 URL:~~http://www.osvdb.org/31146~~ (Obsolete source) OSVDB:31147 URL:~~http://www.osvdb.org/31147~~ (Obsolete source) OSVDB:31190 URL:~~http://www.osvdb.org/31190~~ (Obsolete source) OSVDB:31191 URL:~~http://www.osvdb.org/31191~~ (Obsolete source) OSVDB:31192 URL:~~http://www.osvdb.org/31192~~ (Obsolete source) OSVDB:31193 URL:~~http://www.osvdb.org/31193~~ (Obsolete source) OSVDB:31194 URL:~~http://www.osvdb.org/31194~~ (Obsolete source) OSVDB:31197 URL:~~http://www.osvdb.org/31197~~ (Obsolete source) OSVDB:31198 URL:~~http://www.osvdb.org/31198~~ (Obsolete source) OSVDB:31199 URL:~~http://www.osvdb.org/31199~~ (Obsolete source) OSVDB:31200 URL:~~http://www.osvdb.org/31200~~ (Obsolete source) OSVDB:31201 URL:~~http://www.osvdb.org/31201~~ (Obsolete source) OSVDB:31202 URL:~~http://www.osvdb.org/31202~~ (Obsolete source) OSVDB:31203 URL:~~http://www.osvdb.org/31203~~ (Obsolete source) VIM:20070106 vendor ack: SolidState RFI URL:http://attrition.org/pipermail/vim/2007-January/001210.html XF:solidstate-basepath-file-include(29095) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29095
Assigning CNA
MITRE Corporation
Date Record Created
20060927	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060927)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)