FKIE_CVE-2006-1688

Vulnerability from fkie_nvd - Published: 2006-04-11 00:02 - Updated: 2026-06-16 22:23
Severity
Summary
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.
References
cve@mitre.orghttp://liz0zim.no-ip.org/alp.txtExploit
cve@mitre.orghttp://secunia.com/advisories/19482Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/19588Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/679
cve@mitre.orghttp://securitytracker.com/id?1015884Exploit
cve@mitre.orghttp://www.blogcu.com/Liz0ziM/431845/Exploit, URL Repurposed
cve@mitre.orghttp://www.osvdb.org/24401
cve@mitre.orghttp://www.osvdb.org/24402
cve@mitre.orghttp://www.osvdb.org/24403
cve@mitre.orghttp://www.osvdb.org/24404
cve@mitre.orghttp://www.osvdb.org/24405
cve@mitre.orghttp://www.osvdb.org/24406
cve@mitre.orghttp://www.osvdb.org/24407Exploit
cve@mitre.orghttp://www.osvdb.org/24408
cve@mitre.orghttp://www.osvdb.org/24409
cve@mitre.orghttp://www.osvdb.org/24410
cve@mitre.orghttp://www.osvdb.org/24411
cve@mitre.orghttp://www.osvdb.org/24412
cve@mitre.orghttp://www.osvdb.org/24413
cve@mitre.orghttp://www.osvdb.org/24414
cve@mitre.orghttp://www.osvdb.org/24415
cve@mitre.orghttp://www.osvdb.org/24416
cve@mitre.orghttp://www.osvdb.org/24417
cve@mitre.orghttp://www.osvdb.org/24418
cve@mitre.orghttp://www.osvdb.org/24419
cve@mitre.orghttp://www.osvdb.org/24420
cve@mitre.orghttp://www.osvdb.org/24421
cve@mitre.orghttp://www.osvdb.org/24422
cve@mitre.orghttp://www.osvdb.org/24423
cve@mitre.orghttp://www.osvdb.org/24424
cve@mitre.orghttp://www.osvdb.org/24425
cve@mitre.orghttp://www.osvdb.org/24426
cve@mitre.orghttp://www.osvdb.org/24427
cve@mitre.orghttp://www.osvdb.org/24428
cve@mitre.orghttp://www.osvdb.org/24429
cve@mitre.orghttp://www.securityfocus.com/archive/1/430289/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/439874/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/441015/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/17434Exploit
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1284Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://liz0zim.no-ip.org/alp.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19482Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19588Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/679
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015884Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.blogcu.com/Liz0ziM/431845/Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24401
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24402
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24403
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24404
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24405
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24406
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24407Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24408
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24409
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24410
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24411
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24412
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24413
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24414
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24415
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24416
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24417
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24418
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24419
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24420
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24421
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24422
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24423
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24424
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24425
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24426
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24427
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24428
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24429
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/430289/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/439874/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/441015/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17434Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1284Vendor Advisory
Impacted products
Vendor Product Version
squery squery *

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squery:squery:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE10A14-FF1C-4FCB-BABE-B43253157E73",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis.  NOTE: this only occurs when register_globals is disabled."
    }
  ],
  "id": "CVE-2006-1688",
  "lastModified": "2026-06-16T22:23:26.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-11T00:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://liz0zim.no-ip.org/alp.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19482"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19588"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/679"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1015884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.blogcu.com/Liz0ziM/431845/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24401"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24402"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24403"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24404"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24405"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24406"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/24407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24408"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24410"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24411"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24413"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24414"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24415"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24416"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24417"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24418"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24419"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24421"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24422"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24424"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24425"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24426"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24427"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24428"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24429"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://liz0zim.no-ip.org/alp.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1015884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.blogcu.com/Liz0ziM/431845/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/24407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/430289/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/439874/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/441015/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1284"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…