|
|
CVE Reference: CVE-2006-0479 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0479 |
|
|
Description: pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS). |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24367 http://xforce.iss.net/xforce/xfdb/24366 http://xforce.iss.net/xforce/xfdb/24368 ST 1015550 SAID Secunia Advisory: SA18634 MISC http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/ FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html BID 16421 |
|
| Return to the previous page. |
