CVE-2006-3210

EPSS 5.07% · P90 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3210

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ralf Image Gallery 多个PHP远程文件包含和目录遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ralf Image Gallery (RIG) 在启用register_globals时，可以使远程攻击者借助(a) check_entry.php, (b) admin_album.php, (c) admin_image.php和(d) admin_util.php中的(1) dir_abs_src参数; 以及admin_album.php和admin_image.php中的 (2) dir_abs_admin_src参数中的URL或 ".."序列，进行PHP远程文件包含和目录遍历攻击。注意:此问题

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2006-3210

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2006-3210

请登录查看更多情报信息。

http://www.majorsecurity.de/advisory/major_rls18.txtx_refsource_MISC
http://rig.powerpulsar.com/#newsx_refsource_CONFIRM
http://securityreason.com/securityalert/1136third-party-advisoryx_refsource_SREASON
http://www.osvdb.org/26756vdb-entryx_refsource_OSVDB
http://www.osvdb.org/26754vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/20771third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/18548vdb-entryx_refsource_BID
http://www.osvdb.org/26753vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/2477vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/27257vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/27256vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/27259vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/437818/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/438645/100/100/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-3210

Same Patch Batch · n/a · 2006-06-24 · 20 CVEs total

CVE-2006-3207		Ultimate PHP Board newpost.php 目录遍历漏洞
CVE-2006-3217		JaguarEdit ActiveX 信息泄露漏洞
CVE-2006-3216		SMTP Clearswift MAILsweeper/Exchange MAILsweeper e-mail 多个拒绝服务漏洞
CVE-2006-3215		SMTP Clearswift MAILsweeper/Exchange MAILsweeper e-mail 访问控制绕过漏洞
CVE-2006-3214		Hitachi Groupmax Address Server/Groupmax Mail Server 未明漏洞
CVE-2006-3213		WeBBoA Hosting host/yeni_host.asp SQL注入漏洞
CVE-2006-3212		cjGuestbook sign.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3211		cjGuestbook sign.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3209		Microsoft Windows XP 任务调度程序权限提升漏洞
CVE-2006-3208		Ultimate PHP Board 直接静态代码注入漏洞
CVE-2006-3218		Woltlab Burning Board profile.php SQL注入漏洞
CVE-2006-3206		Ultimate PHP Board register.php 输入验证漏洞
CVE-2006-3205		Ultimate PHP Board cookie 多个输入验证漏洞
CVE-2006-3204		Ultimate PHP Board 分组密码输入验证漏洞
CVE-2006-3203		Ultimate PHP Board 安装包设计错误漏洞
CVE-2006-3222		Fortinet FortiGate FTP扫描代理访问控制绕过漏洞
CVE-2006-3221		DataLife Engine index.php SQL注入漏洞
CVE-2006-3220		Woltlab Burning Board studienplatztausch.php SQL注入漏洞
CVE-2006-3219		Woltlab Burning Board thread.php SQL注入漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2006-3210

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2006-3210

I. Basic Information for CVE-2006-3210

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2006-3210

III. Intelligence Information for CVE-2006-3210

Same Patch Batch · n/a · 2006-06-24 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2006-3210

Leave a comment