CVE-2006-4889 (CNNVD-200609-321)
MEDIUM
有利用代码
中文标题:
Telekorn SignKorn Guestbook 多个PHP远程文件包含漏洞
英文标题:
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earli...
CVSS分数:
5.1
发布时间:
2006-09-19 21:00:00
漏洞类型:
授权问题
状态:
PUBLISHED
数据质量分数:
0.40
数据版本:
v24
漏洞描述
中文描述:
Telekorn SignKorn Guestbook (SL)中存在多个PHP远程文件包含漏洞,在启用register_globals时,远程攻击者通过以下文件的dir_path参数中的URL执行任意PHP代码:(1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php;(a) help/en和(b) help/de目录中的(8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php和(11) adminhelp3.php;以及(c) admin目录中的(12) preview.php, (13) log.php, (14) index.php, (15) config.php和(16) admin.php。
英文描述:
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
CWE类型:
(暂无数据)
标签:
webapps
php
SHiKaA
OSVDB-28741
ThE_LeO
OSVDB-32199
OSVDB-32200
OSVDB-32201
OSVDB-32202
OSVDB-32203
OSVDB-32204
OSVDB-32205
OSVDB-32206
OSVDB-32207
OSVDB-32208
OSVDB-32209
OSVDB-32210
OSVDB-32211
OSVDB-32212
OSVDB-32213
OSVDB-32214
OSVDB-32215
OSVDB-32216
OSVDB-32217
OSVDB-32218
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| telekorn | signkorn_guestbook | * | - | - |
cpe:2.3:a:telekorn:signkorn_guestbook:*:*:*:*:*:*:*:*
|
| telekorn | signkorn_guestbook | 1.1 | - | - |
cpe:2.3:a:telekorn:signkorn_guestbook:1.1:*:*:*:*:*:*:*
|
| telekorn | signkorn_guestbook | 1.2 | - | - |
cpe:2.3:a:telekorn:signkorn_guestbook:1.2:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
32201
vdb-entry
cve.org
访问
cve.org
32218
vdb-entry
cve.org
访问
cve.org
32205
vdb-entry
cve.org
访问
cve.org
32217
vdb-entry
cve.org
访问
cve.org
32211
vdb-entry
cve.org
访问
cve.org
signkorn-log-file-include(28888)
vdb-entry
cve.org
访问
cve.org
32214
vdb-entry
cve.org
访问
cve.org
32206
vdb-entry
cve.org
访问
cve.org
20060913 Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
32215
vdb-entry
cve.org
访问
cve.org
32200
vdb-entry
cve.org
访问
cve.org
32204
vdb-entry
cve.org
访问
cve.org
32208
vdb-entry
cve.org
访问
cve.org
32203
vdb-entry
cve.org
访问
cve.org
32207
vdb-entry
cve.org
访问
cve.org
32199
vdb-entry
cve.org
访问
cve.org
32202
vdb-entry
cve.org
访问
cve.org
32210
vdb-entry
cve.org
访问
cve.org
32212
vdb-entry
cve.org
访问
cve.org
19977
vdb-entry
cve.org
访问
cve.org
32213
vdb-entry
cve.org
访问
cve.org
32209
vdb-entry
cve.org
访问
cve.org
1619
third-party-advisory
cve.org
访问
cve.org
32216
vdb-entry
cve.org
访问
cve.org
ExploitDB EDB-2354
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-2354
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2006-4889
ADVISORY
cve.org
访问
cve.org
CVE Reference: CVE-2006-4788
ADVISORY
cve.org
访问
cve.org
ExploitDB EDB-28522
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28522
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28523
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28523
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28524
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28524
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28525
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28525
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28526
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28526
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28527
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28527
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28528
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28528
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28529
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28529
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28530
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28530
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28531
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28531
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28532
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28532
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28533
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28533
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28534
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28534
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28535
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28535
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28536
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28536
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28537
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28537
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28538
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28538
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28539
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28539
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28540
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28540
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-28541
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-28541
EXPLOIT
exploitdb
访问
exploitdb
CVSS评分详情
5.1
MEDIUM
CVSS向量:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS版本:
2.0
机密性
PARTIAL
完整性
PARTIAL
可用性
PARTIAL
时间信息
发布时间:
2006-09-19 21:00:00
修改时间:
2024-08-07 19:32:22
创建时间:
2025-11-11 15:32:37
更新时间:
2026-01-19 09:42:14
利用信息
此漏洞有可利用代码!
利用代码数量:
21
利用来源:
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-4889 |
2025-11-11 15:17:45 | 2025-11-11 07:32:37 |
| NVD | nvd_CVE-2006-4889 |
2025-11-11 14:51:51 | 2025-11-11 07:41:22 |
| CNNVD | cnnvd_CNNVD-200609-321 |
2025-11-11 15:08:53 | 2025-11-11 07:49:10 |
| EXPLOITDB | exploitdb_EDB-2354 |
2025-11-11 15:05:44 | 2025-11-11 08:19:28 |
| EXPLOITDB | exploitdb_EDB-28522 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28523 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28524 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28525 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28526 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28527 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28528 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28529 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28530 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28531 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28532 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28533 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28534 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28535 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28536 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28537 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28538 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28539 |
2025-11-11 15:05:44 | 2025-11-11 08:24:15 |
| EXPLOITDB | exploitdb_EDB-28540 |
2025-11-11 15:05:44 | 2025-11-11 08:24:16 |
| EXPLOITDB | exploitdb_EDB-28541 |
2025-11-11 15:05:44 | 2025-11-11 08:24:16 |
版本与语言
当前版本:
v24
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
安全公告
暂无安全公告信息
变更历史
v24
EXPLOITDB
2025-11-11 16:24:16
references_count: 67 → 69; tags_count: 24 → 25
查看详细变更
- references_count: 67 -> 69
- tags_count: 24 -> 25
v23
EXPLOITDB
2025-11-11 16:24:16
references_count: 65 → 67; tags_count: 23 → 24
查看详细变更
- references_count: 65 -> 67
- tags_count: 23 -> 24
v22
EXPLOITDB
2025-11-11 16:24:15
references_count: 63 → 65; tags_count: 22 → 23
查看详细变更
- references_count: 63 -> 65
- tags_count: 22 -> 23
v21
EXPLOITDB
2025-11-11 16:24:15
references_count: 61 → 63; tags_count: 21 → 22
查看详细变更
- references_count: 61 -> 63
- tags_count: 21 -> 22
v20
EXPLOITDB
2025-11-11 16:24:15
references_count: 59 → 61; tags_count: 20 → 21
查看详细变更
- references_count: 59 -> 61
- tags_count: 20 -> 21
v19
EXPLOITDB
2025-11-11 16:24:15
references_count: 57 → 59; tags_count: 19 → 20
查看详细变更
- references_count: 57 -> 59
- tags_count: 19 -> 20
v18
EXPLOITDB
2025-11-11 16:24:15
references_count: 55 → 57; tags_count: 18 → 19
查看详细变更
- references_count: 55 -> 57
- tags_count: 18 -> 19
v17
EXPLOITDB
2025-11-11 16:24:15
references_count: 53 → 55; tags_count: 17 → 18
查看详细变更
- references_count: 53 -> 55
- tags_count: 17 -> 18
v16
EXPLOITDB
2025-11-11 16:24:15
references_count: 51 → 53; tags_count: 16 → 17
查看详细变更
- references_count: 51 -> 53
- tags_count: 16 -> 17
v15
EXPLOITDB
2025-11-11 16:24:15
references_count: 49 → 51; tags_count: 15 → 16
查看详细变更
- references_count: 49 -> 51
- tags_count: 15 -> 16
v14
EXPLOITDB
2025-11-11 16:24:15
references_count: 47 → 49; tags_count: 14 → 15
查看详细变更
- references_count: 47 -> 49
- tags_count: 14 -> 15
v13
EXPLOITDB
2025-11-11 16:24:15
references_count: 45 → 47; tags_count: 13 → 14
查看详细变更
- references_count: 45 -> 47
- tags_count: 13 -> 14
v12
EXPLOITDB
2025-11-11 16:24:15
references_count: 43 → 45; tags_count: 12 → 13
查看详细变更
- references_count: 43 -> 45
- tags_count: 12 -> 13
v11
EXPLOITDB
2025-11-11 16:24:15
references_count: 41 → 43; tags_count: 11 → 12
查看详细变更
- references_count: 41 -> 43
- tags_count: 11 -> 12
v10
EXPLOITDB
2025-11-11 16:24:15
references_count: 39 → 41; tags_count: 10 → 11
查看详细变更
- references_count: 39 -> 41
- tags_count: 10 -> 11
v9
EXPLOITDB
2025-11-11 16:24:15
references_count: 37 → 39; tags_count: 9 → 10
查看详细变更
- references_count: 37 -> 39
- tags_count: 9 -> 10
v8
EXPLOITDB
2025-11-11 16:24:15
references_count: 35 → 37; tags_count: 8 → 9
查看详细变更
- references_count: 35 -> 37
- tags_count: 8 -> 9
v7
EXPLOITDB
2025-11-11 16:24:15
references_count: 33 → 35; tags_count: 7 → 8
查看详细变更
- references_count: 33 -> 35
- tags_count: 7 -> 8
v6
EXPLOITDB
2025-11-11 16:24:15
references_count: 31 → 33; tags_count: 6 → 7
查看详细变更
- references_count: 31 -> 33
- tags_count: 6 -> 7
v5
EXPLOITDB
2025-11-11 16:24:15
references_count: 29 → 31; tags_count: 4 → 6
查看详细变更
- references_count: 29 -> 31
- tags_count: 4 -> 6
v4
EXPLOITDB
2025-11-11 16:19:28
references_count: 25 → 29; tags_count: 0 → 4; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 25 -> 29
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:49:10
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200609-321; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200609-321
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:22
cvss_score: 未提取 → 5.1; cvss_vector: NOT_EXTRACTED → AV:N/AC:H/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 3; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.1
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:H/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']