|
|
CVE Reference: CVE-2006-0625 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0625 |
|
|
Description: Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24600 ST 1015602 SAID Secunia Advisory: SA18676 OSVDB 23086 MISC http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html BID 16556 |
|
| Return to the previous page. |
