CVE-2006-1688

{"id": "CVE-2006-1688", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-04-11T00:02:00.000", "references": [{"url": "http://liz0zim.no-ip.org/alp.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19482", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19588", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/679", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015884", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.blogcu.com/Liz0ziM/431845/", "tags": ["Exploit", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24401", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24402", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24403", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24404", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24405", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24406", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24407", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24408", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24409", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24410", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24411", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24412", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24413", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24414", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24415", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24416", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24417", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24418", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24419", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24420", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24421", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24422", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24423", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24424", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24425", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24426", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24427", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24428", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24429", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17434", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1284", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squery:squery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE10A14-FF1C-4FCB-BABE-B43253157E73", "versionEndIncluding": "4.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}