CVE-2006-4945

Description

Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.

Affected products

• cardway / digitalwebshop1.110 – 1.110
• cardway / digitalwebshop1.120 – 1.120
• cardway / digitalwebshop1.128 – 1.128

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/29037
• EXPLOIThttps://www.exploit-db.com/exploits/2398
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3705
• VENDOR_ADVISORYhttp://secunia.com/advisories/22026
• MISChttp://www.securityfocus.com/bid/20107