CVE-2006-4969

critical

Description

Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.

References

https://www.exploit-db.com/exploits/2393

https://exchange.xforce.ibmcloud.com/vulnerabilities/29023

http://www.vupen.com/english/advisories/2006/3798

http://www.osvdb.org/29214

http://www.osvdb.org/29213

http://www.osvdb.org/29212

http://www.osvdb.org/29211

http://www.osvdb.org/29210

http://www.osvdb.org/29209

http://www.osvdb.org/29208

http://www.osvdb.org/29207

http://www.osvdb.org/29206

http://www.osvdb.org/29205

http://www.osvdb.org/29204

http://www.osvdb.org/29203

http://www.osvdb.org/29202

http://www.osvdb.org/29201

http://www.osvdb.org/29200

http://www.osvdb.org/29199

http://www.osvdb.org/29198

http://secunia.com/advisories/22131

Details

Source: Mitre, NVD

Published: 2006-09-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05581