CVE-2006-4287 - Vulnerability Details - OpenCVE

Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nes Game	Nes Game
Nes System	Nes System

Configuration 1 [-]

OR	cpe:2.3:a:nes_game:nes_game:c108122:::::::*
	cpe:2.3:a:nes_system:nes_system:c108122:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/21593
http://www.osvdb.org/28044
http://www.osvdb.org/28045
http://www.osvdb.org/28046
http://www.osvdb.org/28047
http://www.osvdb.org/28048
http://www.osvdb.org/28049
http://www.osvdb.org/28050
http://www.osvdb.org/28051
http://www.osvdb.org/28052
http://www.osvdb.org/28053
http://www.osvdb.org/28054
http://www.rahim.webd.pl/exploity/Exploits/61.html
http://www.securityfocus.com/bid/19611
http://www.vupen.com/english/advisories/2006/3339
https://exchange.xforce.ibmcloud.com/vulnerabilities/28486
https://www.exploit-db.com/exploits/2226

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-22T17:00:00

Updated: 2024-08-07T19:06:07.354Z

Reserved: 2006-08-22T00:00:00

Link: CVE-2006-4287

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-22T17:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4287

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28045", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28045"}, {"name": "28044", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28044"}, {"name": "28054", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28054"}, {"name": "28049", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28049"}, {"name": "28053", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28053"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"name": "21593", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21593"}, {"name": "28052", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28052"}, {"name": "ADV-2006-3339", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"name": "nesgame-phphtmllib-file-include(28486)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"name": "28047", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28047"}, {"name": "28048", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28048"}, {"name": "28051", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28051"}, {"name": "28050", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28050"}, {"name": "2226", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2226"}, {"name": "19611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19611"}, {"name": "28046", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28046"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4287", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28045", "refsource": "OSVDB", "url": "http://www.osvdb.org/28045"}, {"name": "28044", "refsource": "OSVDB", "url": "http://www.osvdb.org/28044"}, {"name": "28054", "refsource": "OSVDB", "url": "http://www.osvdb.org/28054"}, {"name": "28049", "refsource": "OSVDB", "url": "http://www.osvdb.org/28049"}, {"name": "28053", "refsource": "OSVDB", "url": "http://www.osvdb.org/28053"}, {"name": "http://www.rahim.webd.pl/exploity/Exploits/61.html", "refsource": "MISC", "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"name": "21593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21593"}, {"name": "28052", "refsource": "OSVDB", "url": "http://www.osvdb.org/28052"}, {"name": "ADV-2006-3339", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"name": "nesgame-phphtmllib-file-include(28486)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"name": "28047", "refsource": "OSVDB", "url": "http://www.osvdb.org/28047"}, {"name": "28048", "refsource": "OSVDB", "url": "http://www.osvdb.org/28048"}, {"name": "28051", "refsource": "OSVDB", "url": "http://www.osvdb.org/28051"}, {"name": "28050", "refsource": "OSVDB", "url": "http://www.osvdb.org/28050"}, {"name": "2226", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2226"}, {"name": "19611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19611"}, {"name": "28046", "refsource": "OSVDB", "url": "http://www.osvdb.org/28046"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.354Z"}, "title": "CVE Program Container", "references": [{"name": "28045", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28045"}, {"name": "28044", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28044"}, {"name": "28054", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28054"}, {"name": "28049", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28049"}, {"name": "28053", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28053"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"name": "21593", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21593"}, {"name": "28052", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28052"}, {"name": "ADV-2006-3339", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"name": "nesgame-phphtmllib-file-include(28486)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"name": "28047", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28047"}, {"name": "28048", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28048"}, {"name": "28051", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28051"}, {"name": "28050", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28050"}, {"name": "2226", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2226"}, {"name": "19611", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19611"}, {"name": "28046", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28046"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4287", "datePublished": "2006-08-22T17:00:00", "dateReserved": "2006-08-22T00:00:00", "dateUpdated": "2024-08-07T19:06:07.354Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nes_game:nes_game:c108122:*:*:*:*:*:*:*", "matchCriteriaId": "8F1E85D3-50B3-4468-A67D-083016E779F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nes_system:nes_system:c108122:*:*:*:*:*:*:*", "matchCriteriaId": "DFEA901D-3859-478E-8BD9-B5F3C2E79711", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en NES Game y NES System c108122 y anteriores permiten a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro (1) phphtmllib de (a) phphtmllib/includes.php; archivos de tag_utils/ que incluyen (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; y archivos de widgets/ que incluyen (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, y (k) TextNav.php."}], "id": "CVE-2006-4287", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-22T17:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21593"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28044"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28045"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28046"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28047"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28048"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28049"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28050"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28051"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28052"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28053"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28054"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19611"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21593"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28046"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28053"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.rahim.webd.pl/exploity/Exploits/61.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2226"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}