cve/2006/CVE-2006-6285.md

### [CVE-2006-6285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6285)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

** DISPUTED **  PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter.  NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use.

### POC

#### Reference
- http://attrition.org/pipermail/vim/2006-December/001159.html
- https://www.exploit-db.com/exploits/2868

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2006-6285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6285)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			` DISPUTED PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use.`

			`### POC`

			`#### Reference`
			`- http://attrition.org/pipermail/vim/2006-December/001159.html`
			`- https://www.exploit-db.com/exploits/2868`

			`#### Github`
			`No PoCs found on GitHub currently.`