CVE-2006-1688

critical

Description

Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.

References

http://www.vupen.com/english/advisories/2006/1284

http://www.securityfocus.com/archive/1/441015/100/0/threaded

http://www.securityfocus.com/archive/1/439874/100/0/threaded

http://www.securityfocus.com/archive/1/430289/100/0/threaded

http://www.osvdb.org/24429

http://www.osvdb.org/24428

http://www.osvdb.org/24427

http://www.osvdb.org/24426

http://www.osvdb.org/24425

http://www.osvdb.org/24424

http://www.osvdb.org/24423

http://www.osvdb.org/24422

http://www.osvdb.org/24421

http://www.osvdb.org/24420

http://www.osvdb.org/24419

http://www.osvdb.org/24418

http://www.osvdb.org/24417

http://www.osvdb.org/24416

http://www.osvdb.org/24415

http://www.osvdb.org/24414

http://www.osvdb.org/24413

http://www.osvdb.org/24412

http://www.osvdb.org/24411

http://www.osvdb.org/24410

http://www.osvdb.org/24409

http://www.osvdb.org/24408

http://www.osvdb.org/24406

http://www.osvdb.org/24405

http://www.osvdb.org/24404

http://www.osvdb.org/24403

http://www.osvdb.org/24402

http://www.osvdb.org/24401

http://securityreason.com/securityalert/679

http://secunia.com/advisories/19588

http://secunia.com/advisories/19482

Details

Source: Mitre, NVD

Published: 2006-04-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03511