Unrated severityNVD Advisory· Published Apr 18, 2006· Updated Apr 16, 2026

CVE-2006-1819

Description

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

Affected products

Phpwebsite/Phpwebsite
cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*
Range: <=0.10.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/17521nvdExploit
downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_pocnvd
secunia.com/advisories/19647nvd
secunia.com/advisories/19914nvd
securitytracker.com/idnvd
www.gentoo.org/security/en/glsa/glsa-200605-04.xmlnvd
www.vupen.com/english/advisories/2006/1361nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25867nvd
www.exploit-db.com/exploits/1673nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000