PT-2006-6843 · Pegames · Pegames

Dr.Pantagon

Published

2006-12-01

Updated

2017-10-19

CVE-2006-6213

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PEGames (affected versions not specified)

Description The issue allows remote attackers to conduct PHP remote file inclusion attacks. This is possible because the index.php file in PEGames uses the extract function, which overwrites critical variables. The abs url parameter is used in this attack, and it is later extracted to overwrite a previously uncontrolled value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6213

Affected Products

Pegames

PT-2006-6843 · Pegames · Pegames

CVE-2006-6213

Related Identifiers

Affected Products

References · 5