{ "id": "CVE-2006-1688", "sourceIdentifier": "cve@mitre.org", "published": "2006-04-11T00:02:00.000", "lastModified": "2024-11-21T00:09:29.677", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-94" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:squery:squery:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.5", "matchCriteriaId": "7FE10A14-FF1C-4FCB-BABE-B43253157E73" } ] } ] } ], "references": [ { "url": "http://liz0zim.no-ip.org/alp.txt", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://secunia.com/advisories/19482", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19588", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://securityreason.com/securityalert/679", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1015884", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.blogcu.com/Liz0ziM/431845/", "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ] }, { "url": "http://www.osvdb.org/24401", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24402", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24403", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24404", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24405", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24406", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24407", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.osvdb.org/24408", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24409", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24410", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24411", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24412", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24413", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24414", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24415", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24416", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24417", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24418", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24419", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24420", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24421", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24422", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24423", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24424", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24425", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24426", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24427", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24428", "source": "cve@mitre.org" }, { "url": "http://www.osvdb.org/24429", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/17434", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.vupen.com/english/advisories/2006/1284", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://liz0zim.no-ip.org/alp.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://secunia.com/advisories/19482", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/19588", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://securityreason.com/securityalert/679", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://securitytracker.com/id?1015884", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://www.blogcu.com/Liz0ziM/431845/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ] }, { "url": "http://www.osvdb.org/24401", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24402", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24403", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24404", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24405", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24406", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24407", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://www.osvdb.org/24408", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24409", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24410", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24411", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24412", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24413", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24414", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24415", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24416", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24417", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24418", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24419", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24420", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24421", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24422", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24423", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24424", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24425", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24426", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24427", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24428", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.osvdb.org/24429", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/17434", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://www.vupen.com/english/advisories/2006/1284", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }