Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3107

EPSS 1.09% · P78
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3107

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Docebo 多个PHP远程文件包含漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Docebo 3.0.3及之前版本存在多个PHP远程文件包含漏洞。register_globals启用时,远程攻击者可以借助(1)对(a) admin/modules/news/news_class.php和(b) admin/modules/content/content_class.php的GLOBALS[where_framework] , 以及 (2)对(c) admin/modules/block_media/util.media.php的GLOBALS[where_cms]中的URL,执行任意
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3107

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3107

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-06-21 · 16 CVEs total

CVE-2006-3127Sun Java Enterprise System/Java System 目录服务器 网络安全服务库 内存泄露漏洞
CVE-2006-3128Easy CMS choose_file.php 任意文件上传漏洞
CVE-2006-2911CMS Mundo index.php SQL注入漏洞
CVE-2006-2931CMS MUNDO 图像文件上传 任意代码执行漏洞
CVE-2006-3101Cisco Secure ACS loginproxy.cgi 跨站脚本漏洞
CVE-2006-3102Bitweaver articles/BitArticle.php 任意PHP代码执行漏洞
CVE-2006-3103Bitweaver 多个跨站脚本攻击(XSS)漏洞
CVE-2006-3104Bitweaver index.php 信息泄露漏洞
CVE-2006-3105Bitweaver CRLF注入漏洞
CVE-2006-3106phpMyDesktop|Arcade index.php 跨站点脚本(XSS)漏洞
CVE-2006-3108EmailArchitect Email Server 多个跨站脚本攻击(XSS)漏洞
CVE-2006-3109Cisco CallManager 多个跨站脚本攻击漏洞
CVE-2006-3110Chipmailer main.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3111Chipmailer main.php 多个SQL注入漏洞
CVE-2006-3112Chipmailer php.php直接请求 信息泄露漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3107

No comments yet

Leave a comment