|
|
CVE Reference: CVE-2006-2745 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2745 |
|
|
Description: Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/26841 http://xforce.iss.net/xforce/xfdb/26854 SREASON http://securityreason.com/securityalert/1010 SAID Secunia Advisory: SA20358 OSVDB 26103 26101 26102 MISC http://www.nukedx.com/?viewdoc=35 http://www.nukedx.com/?getxpl=35 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435283/100/0/threaded BID 18149 |
|
| Return to the previous page. |
