{ "schema_version": "1.4.0", "id": "GHSA-mx2f-qv6j-3c6h", "modified": "2025-04-03T04:34:05Z", "published": "2022-05-01T07:03:18Z", "aliases": [ "CVE-2006-2864" ], "details": "Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2864" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26908" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/1870" }, { "type": "WEB", "url": "http://secunia.com/advisories/20438" }, { "type": "WEB", "url": "http://www.blueshoes.org/en/news" }, { "type": "WEB", "url": "http://www.osvdb.org/25996" }, { "type": "WEB", "url": "http://www.osvdb.org/25997" }, { "type": "WEB", "url": "http://www.osvdb.org/25998" }, { "type": "WEB", "url": "http://www.osvdb.org/25999" }, { "type": "WEB", "url": "http://www.osvdb.org/26000" }, { "type": "WEB", "url": "http://www.osvdb.org/26001" }, { "type": "WEB", "url": "http://www.osvdb.org/26002" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/18261" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2006/2128" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2006-06-06T20:06:00Z" } }