CVE Reference: CVE-2006-3193
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-3193

Description:
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA20768

OSVDB
  27234
  27233
  27252
  27249
  27250
  27251
  27248
  27247
  27245
  27244
  27243
  27241
  27242
  27240
  27235
  27236
  27237
  27238
  27239
  27246

MISC
  http://www.milw0rm.com/exploits/1933

CONFIRM
  http://sourceforge.net/project/shownotes.php?release_id=428062

BID
  18555

