CVE-2006-4945

CVSS 5.1 - MEDIUM

Description

Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.

Affected Products

3

Vendor	Product	Version
cardway	digitalwebshop	`1.110`
cardway	digitalwebshop	`1.120`
cardway	digitalwebshop	`1.128`

References

http://secunia.com/advisories/22026

http://www.securityfocus.com/bid/20107

http://www.vupen.com/english/advisories/2006/3705

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/2398

http://secunia.com/advisories/22026

http://www.securityfocus.com/bid/20107

http://www.vupen.com/english/advisories/2006/3705

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://www.exploit-db.com/exploits/2398

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2006-4945
Published:: 2006-09-23
Modified:: 2026-04-16
CVSS Score:: 5.1
Severity:: MEDIUM
Vector:: AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected Vendors

cardway

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL