CVE-2006-4156 : PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 an

PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher made several significant errors regarding this bug type

Published 2006-08-16 22:04:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2006-4156

Pearlabs » Mafia Moblog
Versions up to, including, (<=) 6
cpe:2.3:a:pearlabs:mafia_moblog:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-4156

EPSS FAQ

2.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-4156

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4156

http://www.securityfocus.com/archive/1/443153/100/0/threaded
http://securityreason.com/securityalert/1391

Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability - CXSecurity.com
http://www.securityfocus.com/archive/1/442867/100/0/threaded
http://www.securityfocus.com/bid/19458

Jump to

Vulnerability Details : CVE-2006-4156

Products affected by CVE-2006-4156

Exploit prediction scoring system (EPSS) score for CVE-2006-4156

CVSS scores for CVE-2006-4156

References for CVE-2006-4156