Unrated severityNVD Advisory· Published Aug 22, 2006· Updated Apr 16, 2026

CVE-2006-4287

Description

Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.

Affected products

Nes Game/Nes Game
cpe:2.3:a:nes_game:nes_game:c108122:*:*:*:*:*:*:*
Nes System/Nes System
cpe:2.3:a:nes_system:nes_system:c108122:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21593nvdExploitVendor Advisory
www.rahim.webd.pl/exploity/Exploits/61.htmlnvdExploit
www.securityfocus.com/bid/19611nvdExploit
www.osvdb.org/28044nvd
www.osvdb.org/28045nvd
www.osvdb.org/28046nvd
www.osvdb.org/28047nvd
www.osvdb.org/28048nvd
www.osvdb.org/28049nvd
www.osvdb.org/28050nvd
www.osvdb.org/28051nvd
www.osvdb.org/28052nvd
www.osvdb.org/28053nvd
www.osvdb.org/28054nvd
www.vupen.com/english/advisories/2006/3339nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28486nvd
www.exploit-db.com/exploits/2226nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000