CVE-2006-1688
Description
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
40- liz0zim.no-ip.org/alp.txtnvdExploit
- securitytracker.com/idnvdExploit
- www.blogcu.com/Liz0ziM/431845/nvdExploitURL Repurposed
- www.osvdb.org/24407nvdExploit
- www.securityfocus.com/bid/17434nvdExploit
- secunia.com/advisories/19482nvdVendor Advisory
- secunia.com/advisories/19588nvdVendor Advisory
- www.vupen.com/english/advisories/2006/1284nvdVendor Advisory
- securityreason.com/securityalert/679nvd
- www.osvdb.org/24401nvd
- www.osvdb.org/24402nvd
- www.osvdb.org/24403nvd
- www.osvdb.org/24404nvd
- www.osvdb.org/24405nvd
- www.osvdb.org/24406nvd
- www.osvdb.org/24408nvd
- www.osvdb.org/24409nvd
- www.osvdb.org/24410nvd
- www.osvdb.org/24411nvd
- www.osvdb.org/24412nvd
- www.osvdb.org/24413nvd
- www.osvdb.org/24414nvd
- www.osvdb.org/24415nvd
- www.osvdb.org/24416nvd
- www.osvdb.org/24417nvd
- www.osvdb.org/24418nvd
- www.osvdb.org/24419nvd
- www.osvdb.org/24420nvd
- www.osvdb.org/24421nvd
- www.osvdb.org/24422nvd
- www.osvdb.org/24423nvd
- www.osvdb.org/24424nvd
- www.osvdb.org/24425nvd
- www.osvdb.org/24426nvd
- www.osvdb.org/24427nvd
- www.osvdb.org/24428nvd
- www.osvdb.org/24429nvd
- www.securityfocus.com/archive/1/430289/100/0/threadednvd
- www.securityfocus.com/archive/1/439874/100/0/threadednvd
- www.securityfocus.com/archive/1/441015/100/0/threadednvd
News mentions
0No linked articles in our index yet.