Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities found for free_image_hosting by free_php_scripts

    CVE-2007-1715 (GCVE-0-2007-1715)

    Vulnerability from nvd – Published: 2007-03-27 21:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/37179 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/3568 exploitx_refsource_EXPLOIT-DB
    Date Public
    2007-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37179",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37179"
              },
              {
                "name": "freeimagehosting-adbodytemp-file-include(33196)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
              },
              {
                "name": "3568",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3568"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "37179",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37179"
            },
            {
              "name": "freeimagehosting-adbodytemp-file-include(33196)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
            },
            {
              "name": "3568",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3568"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1715",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37179",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37179"
                },
                {
                  "name": "freeimagehosting-adbodytemp-file-include(33196)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
                },
                {
                  "name": "3568",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3568"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1715",
        "datePublished": "2007-03-27T21:00:00.000Z",
        "dateReserved": "2007-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5763 (GCVE-0-2006-5763)

    Vulnerability from nvd – Published: 2006-11-06 23:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. Vector 1 also affects Free Image Hosting 2.0, which contains the same code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.attrition.org/pipermail/vim/2007-March… mailing-listx_refsource_VIM
    http://www.osvdb.org/30146 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/22594 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23118 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/3568 exploitx_refsource_EXPLOIT-DB
    http://www.osvdb.org/30145 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/463707/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/30144 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-10-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
              },
              {
                "name": "30146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30146"
              },
              {
                "name": "22594",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22594"
              },
              {
                "name": "freeimagehosting-adbodytemp-file-include(33196)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
              },
              {
                "name": "23118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23118"
              },
              {
                "name": "3568",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3568"
              },
              {
                "name": "30145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30145"
              },
              {
                "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
              },
              {
                "name": "30144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30144"
              },
              {
                "name": "freefile-forgot-file-include(29874)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php.  NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  Vector 1 also affects Free Image Hosting 2.0, which contains the same code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
            },
            {
              "name": "30146",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30146"
            },
            {
              "name": "22594",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22594"
            },
            {
              "name": "freeimagehosting-adbodytemp-file-include(33196)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
            },
            {
              "name": "23118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23118"
            },
            {
              "name": "3568",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3568"
            },
            {
              "name": "30145",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30145"
            },
            {
              "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
            },
            {
              "name": "30144",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30144"
            },
            {
              "name": "freefile-forgot-file-include(29874)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5763",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php.  NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  Vector 1 also affects Free Image Hosting 2.0, which contains the same code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
                },
                {
                  "name": "30146",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30146"
                },
                {
                  "name": "22594",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22594"
                },
                {
                  "name": "freeimagehosting-adbodytemp-file-include(33196)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
                },
                {
                  "name": "23118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23118"
                },
                {
                  "name": "3568",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3568"
                },
                {
                  "name": "30145",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30145"
                },
                {
                  "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
                },
                {
                  "name": "30144",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30144"
                },
                {
                  "name": "freefile-forgot-file-include(29874)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5763",
        "datePublished": "2006-11-06T23:00:00.000Z",
        "dateReserved": "2006-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5762 (GCVE-0-2006-5762)

    Vulnerability from nvd – Published: 2006-11-06 23:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.rahim.webd.pl/exploity/Exploits/111.txt x_refsource_MISC
    http://www.attrition.org/pipermail/vim/2007-March… mailing-listx_refsource_VIM
    http://secunia.com/advisories/22594 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23118 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/3568 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/2670 exploitx_refsource_EXPLOIT-DB
    http://www.vupen.com/english/advisories/2006/4228 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/463707/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/30143 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/20781 vdb-entryx_refsource_BID
    Date Public
    2006-10-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rahim.webd.pl/exploity/Exploits/111.txt"
              },
              {
                "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
              },
              {
                "name": "22594",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22594"
              },
              {
                "name": "freeimagehosting-adbodytemp-file-include(33196)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
              },
              {
                "name": "23118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23118"
              },
              {
                "name": "3568",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3568"
              },
              {
                "name": "2670",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2670"
              },
              {
                "name": "ADV-2006-4228",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4228"
              },
              {
                "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
              },
              {
                "name": "freefile-forgot-file-include(29874)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
              },
              {
                "name": "30143",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30143"
              },
              {
                "name": "20781",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20781"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  This also affects Free Image Hosting 2.0, which contains the same code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rahim.webd.pl/exploity/Exploits/111.txt"
            },
            {
              "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
            },
            {
              "name": "22594",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22594"
            },
            {
              "name": "freeimagehosting-adbodytemp-file-include(33196)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
            },
            {
              "name": "23118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23118"
            },
            {
              "name": "3568",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3568"
            },
            {
              "name": "2670",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2670"
            },
            {
              "name": "ADV-2006-4228",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4228"
            },
            {
              "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
            },
            {
              "name": "freefile-forgot-file-include(29874)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
            },
            {
              "name": "30143",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30143"
            },
            {
              "name": "20781",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20781"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  This also affects Free Image Hosting 2.0, which contains the same code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.rahim.webd.pl/exploity/Exploits/111.txt",
                  "refsource": "MISC",
                  "url": "http://www.rahim.webd.pl/exploity/Exploits/111.txt"
                },
                {
                  "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
                },
                {
                  "name": "22594",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22594"
                },
                {
                  "name": "freeimagehosting-adbodytemp-file-include(33196)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
                },
                {
                  "name": "23118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23118"
                },
                {
                  "name": "3568",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3568"
                },
                {
                  "name": "2670",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2670"
                },
                {
                  "name": "ADV-2006-4228",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4228"
                },
                {
                  "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
                },
                {
                  "name": "freefile-forgot-file-include(29874)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
                },
                {
                  "name": "30143",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30143"
                },
                {
                  "name": "20781",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20781"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5762",
        "datePublished": "2006-11-06T23:00:00.000Z",
        "dateReserved": "2006-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5671 (GCVE-0-2006-5671)

    Vulnerability from nvd – Published: 2006-11-03 01:00 – Updated: 2024-08-07 19:55
    VLAI
    Summary
    PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/4229 vdb-entryx_refsource_VUPEN
    Date Public
    2006-10-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:55:54.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-4229",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4229"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-4229",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4229"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5671",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-4229",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4229"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5671",
        "datePublished": "2006-11-03T01:00:00.000Z",
        "dateReserved": "2006-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:55:54.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5670 (GCVE-0-2006-5670)

    Vulnerability from nvd – Published: 2006-11-03 01:00 – Updated: 2024-08-07 19:55
    VLAI
    Summary
    PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22597 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/4229 vdb-entryx_refsource_VUPEN
    https://www.exploit-db.com/exploits/2669 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/20782 vdb-entryx_refsource_BID
    http://www.osvdb.org/30127 vdb-entryx_refsource_OSVDB
    Date Public
    2006-10-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:55:54.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22597",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22597"
              },
              {
                "name": "freeimage-forgot-file-include(29873)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29873"
              },
              {
                "name": "ADV-2006-4229",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4229"
              },
              {
                "name": "2669",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2669"
              },
              {
                "name": "20782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20782"
              },
              {
                "name": "30127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22597",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22597"
            },
            {
              "name": "freeimage-forgot-file-include(29873)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29873"
            },
            {
              "name": "ADV-2006-4229",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4229"
            },
            {
              "name": "2669",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2669"
            },
            {
              "name": "20782",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20782"
            },
            {
              "name": "30127",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22597",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22597"
                },
                {
                  "name": "freeimage-forgot-file-include(29873)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29873"
                },
                {
                  "name": "ADV-2006-4229",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4229"
                },
                {
                  "name": "2669",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2669"
                },
                {
                  "name": "20782",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20782"
                },
                {
                  "name": "30127",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5670",
        "datePublished": "2006-11-03T01:00:00.000Z",
        "dateReserved": "2006-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:55:54.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1715 (GCVE-0-2007-1715)

    Vulnerability from cvelistv5 – Published: 2007-03-27 21:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/37179 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/3568 exploitx_refsource_EXPLOIT-DB
    Date Public
    2007-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37179",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37179"
              },
              {
                "name": "freeimagehosting-adbodytemp-file-include(33196)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
              },
              {
                "name": "3568",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3568"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "37179",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37179"
            },
            {
              "name": "freeimagehosting-adbodytemp-file-include(33196)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
            },
            {
              "name": "3568",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3568"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1715",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "37179",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37179"
                },
                {
                  "name": "freeimagehosting-adbodytemp-file-include(33196)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
                },
                {
                  "name": "3568",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3568"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1715",
        "datePublished": "2007-03-27T21:00:00.000Z",
        "dateReserved": "2007-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5763 (GCVE-0-2006-5763)

    Vulnerability from cvelistv5 – Published: 2006-11-06 23:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. Vector 1 also affects Free Image Hosting 2.0, which contains the same code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.attrition.org/pipermail/vim/2007-March… mailing-listx_refsource_VIM
    http://www.osvdb.org/30146 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/22594 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23118 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/3568 exploitx_refsource_EXPLOIT-DB
    http://www.osvdb.org/30145 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/463707/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/30144 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-10-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
              },
              {
                "name": "30146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30146"
              },
              {
                "name": "22594",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22594"
              },
              {
                "name": "freeimagehosting-adbodytemp-file-include(33196)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
              },
              {
                "name": "23118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23118"
              },
              {
                "name": "3568",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3568"
              },
              {
                "name": "30145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30145"
              },
              {
                "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
              },
              {
                "name": "30144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30144"
              },
              {
                "name": "freefile-forgot-file-include(29874)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php.  NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  Vector 1 also affects Free Image Hosting 2.0, which contains the same code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
            },
            {
              "name": "30146",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30146"
            },
            {
              "name": "22594",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22594"
            },
            {
              "name": "freeimagehosting-adbodytemp-file-include(33196)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
            },
            {
              "name": "23118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23118"
            },
            {
              "name": "3568",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3568"
            },
            {
              "name": "30145",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30145"
            },
            {
              "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
            },
            {
              "name": "30144",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30144"
            },
            {
              "name": "freefile-forgot-file-include(29874)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5763",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php.  NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  Vector 1 also affects Free Image Hosting 2.0, which contains the same code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
                },
                {
                  "name": "30146",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30146"
                },
                {
                  "name": "22594",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22594"
                },
                {
                  "name": "freeimagehosting-adbodytemp-file-include(33196)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
                },
                {
                  "name": "23118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23118"
                },
                {
                  "name": "3568",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3568"
                },
                {
                  "name": "30145",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30145"
                },
                {
                  "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
                },
                {
                  "name": "30144",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30144"
                },
                {
                  "name": "freefile-forgot-file-include(29874)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5763",
        "datePublished": "2006-11-06T23:00:00.000Z",
        "dateReserved": "2006-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5762 (GCVE-0-2006-5762)

    Vulnerability from cvelistv5 – Published: 2006-11-06 23:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.rahim.webd.pl/exploity/Exploits/111.txt x_refsource_MISC
    http://www.attrition.org/pipermail/vim/2007-March… mailing-listx_refsource_VIM
    http://secunia.com/advisories/22594 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23118 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/3568 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/2670 exploitx_refsource_EXPLOIT-DB
    http://www.vupen.com/english/advisories/2006/4228 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/463707/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/30143 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/20781 vdb-entryx_refsource_BID
    Date Public
    2006-10-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rahim.webd.pl/exploity/Exploits/111.txt"
              },
              {
                "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
              },
              {
                "name": "22594",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22594"
              },
              {
                "name": "freeimagehosting-adbodytemp-file-include(33196)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
              },
              {
                "name": "23118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23118"
              },
              {
                "name": "3568",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3568"
              },
              {
                "name": "2670",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2670"
              },
              {
                "name": "ADV-2006-4228",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4228"
              },
              {
                "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
              },
              {
                "name": "freefile-forgot-file-include(29874)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
              },
              {
                "name": "30143",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30143"
              },
              {
                "name": "20781",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20781"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  This also affects Free Image Hosting 2.0, which contains the same code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rahim.webd.pl/exploity/Exploits/111.txt"
            },
            {
              "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
            },
            {
              "name": "22594",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22594"
            },
            {
              "name": "freeimagehosting-adbodytemp-file-include(33196)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
            },
            {
              "name": "23118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23118"
            },
            {
              "name": "3568",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3568"
            },
            {
              "name": "2670",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2670"
            },
            {
              "name": "ADV-2006-4228",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4228"
            },
            {
              "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
            },
            {
              "name": "freefile-forgot-file-include(29874)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
            },
            {
              "name": "30143",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30143"
            },
            {
              "name": "20781",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20781"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: this issue was later reported for the \"File Upload System\" which is a component of Free File Hosting.  This also affects Free Image Hosting 2.0, which contains the same code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.rahim.webd.pl/exploity/Exploits/111.txt",
                  "refsource": "MISC",
                  "url": "http://www.rahim.webd.pl/exploity/Exploits/111.txt"
                },
                {
                  "name": "20070327 \"File Upload\" seems to be \"Free File Hosting\"",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-March/001473.html"
                },
                {
                  "name": "22594",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22594"
                },
                {
                  "name": "freeimagehosting-adbodytemp-file-include(33196)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33196"
                },
                {
                  "name": "23118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23118"
                },
                {
                  "name": "3568",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3568"
                },
                {
                  "name": "2670",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2670"
                },
                {
                  "name": "ADV-2006-4228",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4228"
                },
                {
                  "name": "20070324 File Upload System V1.0 (AD_BODY_TEMP) multiple file include",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463707/100/0/threaded"
                },
                {
                  "name": "freefile-forgot-file-include(29874)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29874"
                },
                {
                  "name": "30143",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30143"
                },
                {
                  "name": "20781",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20781"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5762",
        "datePublished": "2006-11-06T23:00:00.000Z",
        "dateReserved": "2006-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5671 (GCVE-0-2006-5671)

    Vulnerability from cvelistv5 – Published: 2006-11-03 01:00 – Updated: 2024-08-07 19:55
    VLAI
    Summary
    PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/4229 vdb-entryx_refsource_VUPEN
    Date Public
    2006-10-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:55:54.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-4229",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4229"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-4229",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4229"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5671",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-4229",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4229"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5671",
        "datePublished": "2006-11-03T01:00:00.000Z",
        "dateReserved": "2006-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:55:54.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5670 (GCVE-0-2006-5670)

    Vulnerability from cvelistv5 – Published: 2006-11-03 01:00 – Updated: 2024-08-07 19:55
    VLAI
    Summary
    PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22597 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/4229 vdb-entryx_refsource_VUPEN
    https://www.exploit-db.com/exploits/2669 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/20782 vdb-entryx_refsource_BID
    http://www.osvdb.org/30127 vdb-entryx_refsource_OSVDB
    Date Public
    2006-10-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:55:54.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22597",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22597"
              },
              {
                "name": "freeimage-forgot-file-include(29873)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29873"
              },
              {
                "name": "ADV-2006-4229",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4229"
              },
              {
                "name": "2669",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2669"
              },
              {
                "name": "20782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20782"
              },
              {
                "name": "30127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/30127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22597",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22597"
            },
            {
              "name": "freeimage-forgot-file-include(29873)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29873"
            },
            {
              "name": "ADV-2006-4229",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4229"
            },
            {
              "name": "2669",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2669"
            },
            {
              "name": "20782",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20782"
            },
            {
              "name": "30127",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/30127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22597",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22597"
                },
                {
                  "name": "freeimage-forgot-file-include(29873)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29873"
                },
                {
                  "name": "ADV-2006-4229",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4229"
                },
                {
                  "name": "2669",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2669"
                },
                {
                  "name": "20782",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20782"
                },
                {
                  "name": "30127",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/30127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5670",
        "datePublished": "2006-11-03T01:00:00.000Z",
        "dateReserved": "2006-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:55:54.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }