Vulnerability Database
299,749
Total vulnerabilities in the database
CVE-2006-4733
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of issue is limited to admins who do not, or cannot, follow this recommendation.
| Software | From | Fixed in |
|---|---|---|
| sips / sips | - | 0.3.1.x |
| sips / sips | 0.3.0pl1 | 0.3.0pl1.x |
| sips / sips | 0.3.0pl2 | 0.3.0pl2.x |
| sips / sips | 0.2.2 | 0.2.2.x |
| sips / sips | 0.2.4 | 0.2.4.x |
| sips / sips | 0.3.0 | 0.3.0.x |
- http://securityreason.com/securityalert/1549
- http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/box.inc.php?revision=1.9&view=markup
- http://www.attrition.org/pipermail/vim/2007-February/001268.html
- http://www.securityfocus.com/archive/1/445770/100/0/threaded
- http://www.securityfocus.com/bid/19945
- https://www.exploit-db.com/exploits/3245
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime