Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2006-4527 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2006-4527

CVE-2006-4527

UNKNOWN

includes/content/gateway

Published Sep 1, 2006

Modified 1 years ago

Details

includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.

References

http://cubecart.com/site/forums/index.php?showtopic=21540

http://secunia.com/advisories/21659

http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697

http://www.gulftech.org/?node=research&article_id=00111-08282006&

http://www.securityfocus.com/bid/19782

https://www.cve.org/CVERecord?id=CVE-2006-4527

CVSS Analysis

CVSS v2.0

2.6

Exploitability

Access Vector

NetworkAV:N

Access Complexity

HighAC:H

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N

Ecosystems

Timeline

PublishedSep 1, 2006

ModifiedSep 16, 2024