CVE-2006-1688

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/24401", "name": "24401", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24402", "name": "24402", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24403", "name": "24403", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24404", "name": "24404", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24405", "name": "24405", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24406", "name": "24406", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24407", "name": "24407", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24408", "name": "24408", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24421", "name": "24421", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/19482", "name": "19482", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://liz0zim.no-ip.org/alp.txt", "name": "http://liz0zim.no-ip.org/alp.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.blogcu.com/Liz0ziM/431845/", "name": "http://www.blogcu.com/Liz0ziM/431845/", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/19588", "name": "19588", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17434", "name": "17434", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/24409", "name": "24409", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24410", "name": "24410", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24411", "name": "24411", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24412", "name": "24412", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24413", "name": "24413", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24414", "name": "24414", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24415", "name": "24415", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24416", "name": "24416", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24417", "name": "24417", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24418", "name": "24418", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24419", "name": "24419", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24420", "name": "24420", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24422", "name": "24422", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24423", "name": "24423", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24424", "name": "24424", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24425", "name": "24425", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24426", "name": "24426", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24427", "name": "24427", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24428", "name": "24428", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24429", "name": "24429", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015884", "name": "1015884", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/679", "name": "679", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1284", "name": "ADV-2006-1284", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded", "name": "20060724 SQuery v.x (devi.php) (armygame.php) Remote File Inclusion", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded", "name": "20060710 SQuery <= 4.5(libpath) Remote File Inclusion Exploit", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded", "name": "20060408 Autonomous LAN party File iNclusion", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1688", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-04-11T00:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:squery:squery:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:33Z"}