// For flags

CVE-2006-1602

 

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear.

Vulnerabilidad de inclusión de fichero PHP remoto en includes/funcions_common.php en el módulo VWar Account (vWar_Account) en PHPNuke Clan 3.0.1 permite a atacantes remotos incluir ficheros de su elección mediante una URL en el parámetro vwar_root2. NOTA: es posible que esta cuestión provenga de un problema en el mismo VWar, pero no está claro.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-04-03 CVE Reserved
  • 2006-04-04 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phpnuke-clan
Search vendor "Phpnuke-clan"
 Phpnuke-clan
Search vendor "Phpnuke-clan" for product "Phpnuke-clan"
 3.0.1
Search vendor "Phpnuke-clan" for product "Phpnuke-clan" and version "3.0.1"
-
Affected