CVE-2006-2323 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2323
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2323

Description: Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26359 ST 1016060 SREASON http://securityreason.com/securityalert/156 http://securityreason.com/securityalert/688 http://securityreason.com/securityalert/882 OSVDB 25905 25906 25904 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/433285/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/433562/100/0/threaded

Return to the previous page.