CVE-2006-4827 | Vulnerability Database | Aqua Security

Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.

Affected Software

Name	Vendor	Start Version	End Version
Downstat	Vmist	*	1.8 (including)
Downstat	Vmist	1.2 (including)	1.2 (including)
Downstat	Vmist	1.3 (including)	1.3 (including)
Downstat	Vmist	1.4 (including)	1.4 (including)
Downstat	Vmist	1.5 (including)	1.5 (including)
Downstat	Vmist	1.6 (including)	1.6 (including)
Downstat	Vmist	1.7 (including)	1.7 (including)

References

http://secunia.com/advisories/21914
http://www.securityfocus.com/bid/20007
http://www.vupen.com/english/advisories/2006/3594
https://exchange.xforce.ibmcloud.com/vulnerabilities/28916
https://www.exploit-db.com/exploits/2359
http://secunia.com/advisories/21914
http://www.securityfocus.com/bid/20007
http://www.vupen.com/english/advisories/2006/3594
https://exchange.xforce.ibmcloud.com/vulnerabilities/28916
https://www.exploit-db.com/exploits/2359

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4827
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html