Unrated severityNVD Advisory· Published Apr 11, 2006· Updated Apr 16, 2026

CVE-2006-1688

Description

Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.

Affected products

Squery/Squery
cpe:2.3:a:squery:squery:*:*:*:*:*:*:*:*
Range: <=4.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

liz0zim.no-ip.org/alp.txtnvdExploit
securitytracker.com/idnvdExploit
www.blogcu.com/Liz0ziM/431845/nvdExploitURL Repurposed
www.osvdb.org/24407nvdExploit
www.securityfocus.com/bid/17434nvdExploit
secunia.com/advisories/19482nvdVendor Advisory
secunia.com/advisories/19588nvdVendor Advisory
www.vupen.com/english/advisories/2006/1284nvdVendor Advisory
securityreason.com/securityalert/679nvd
www.osvdb.org/24401nvd
www.osvdb.org/24402nvd
www.osvdb.org/24403nvd
www.osvdb.org/24404nvd
www.osvdb.org/24405nvd
www.osvdb.org/24406nvd
www.osvdb.org/24408nvd
www.osvdb.org/24409nvd
www.osvdb.org/24410nvd
www.osvdb.org/24411nvd
www.osvdb.org/24412nvd
www.osvdb.org/24413nvd
www.osvdb.org/24414nvd
www.osvdb.org/24415nvd
www.osvdb.org/24416nvd
www.osvdb.org/24417nvd
www.osvdb.org/24418nvd
www.osvdb.org/24419nvd
www.osvdb.org/24420nvd
www.osvdb.org/24421nvd
www.osvdb.org/24422nvd
www.osvdb.org/24423nvd
www.osvdb.org/24424nvd
www.osvdb.org/24425nvd
www.osvdb.org/24426nvd
www.osvdb.org/24427nvd
www.osvdb.org/24428nvd
www.osvdb.org/24429nvd
www.securityfocus.com/archive/1/430289/100/0/threadednvd
www.securityfocus.com/archive/1/439874/100/0/threadednvd
www.securityfocus.com/archive/1/441015/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000