Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-4023

EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-4023

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP ip2long函数SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHP 5.1.4及早期版本中的ip2long函数可能对一个任意字符串没有进行正确验证,并返回一个有效的网络IP地址,利用此漏洞,远程攻击者可获取网络信息,并且助长了其它攻击,如在MiniBB 2.0的index.php脚本中X-FORWARDED-FOR头中使用SQL注入。注意:在某种程度上,ip2long行为代表的安全威胁与串拷贝在缓冲区溢出中扮演的角色相似这一论点还存在争议。在这种情况下,bug的执行对每一个以安全方式使用ip2long的PHP应用程序,都需要独立的CVE。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-4023

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-4023

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-08-09 · 42 CVEs total

CVE-2006-3444Microsoft Windows 2000内核本地权限提升漏洞(MS06-049)
CVE-2006-4029AGEphone SIP报文处理缓冲区溢出漏洞
CVE-2006-3083MIT Kerberos 5多个本地权限提升漏洞
CVE-2006-3084MIT Kerberos 多个本地权限提升漏洞
CVE-2006-3979ColdFusion AdminAPI认证绕过漏洞
CVE-2006-3439Microsoft Windows Server服务远程缓冲区溢出漏洞(MS06-040)
CVE-2006-3440Microsoft Winsock Gethostbyname远程缓冲区溢出漏洞(MS06-041)
CVE-2006-3441Microsoft Windows DNS客户端缓冲区溢出漏洞(MS06-041)
CVE-2006-3443Microsoft Windows用户配置文件权限提升漏洞(MS06-051)
CVE-2006-3648Microsoft Windows未处理异常远程代码执行漏洞
CVE-2006-3438Microsoft超级链接对象库函数溢出漏洞
CVE-2006-4028WordPress多个不明安全漏洞
CVE-2006-3449Microsoft PowerPoint畸形记录处理代码执行漏洞(MS06-048)
CVE-2006-3639Microsoft IE源元素跨域访问漏洞(MS06-042)
CVE-2006-3640Microsoft IE窗口位置跨域信息泄露漏洞(MS06-042)
CVE-2006-3643Microsoft管理控制台重新定向跨站脚本漏洞(MS06-044)
CVE-2006-3649Microsoft Visual Basic for Applications文档检查溢出漏洞(MS06-047)
CVE-2006-4022Intel 2100 PRO/无线网络连接驱动程序内存破坏漏洞
CVE-2006-4024Festalon pce/hes.c程序 HES文件堆缓冲区溢出漏洞
CVE-2006-4025XennoBB 'Profile.PHP'SQL注入漏洞

Showing top 20 of 42 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-4023

No comments yet

Leave a comment