Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Apr 16, 2026

CVE-2006-3554

Description

Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.

Affected products

Mkportal/Mkportal
cpe:2.3:a:mkportal:mkportal:1.0.1_final:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20884nvdPatchVendor Advisory
securitytracker.com/idnvdExploit
www.worlddefacers.de/Public/WD-MKP.txtnvdExploit
securityreason.com/securityalert/1234nvd
www.securityfocus.com/archive/1/438614/100/100/threadednvd
www.securityfocus.com/bid/18707nvd
www.vupen.com/english/advisories/2006/2598nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27451nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000