|
|
CVE Reference: CVE-2006-3340 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-3340 |
|
|
Description: Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA20819 OSVDB 27168 27178 27175 27172 27173 27174 27171 27170 27169 27177 27176 MISC http://www.milw0rm.com/exploits/1956 BID 18690 |
|
| Return to the previous page. |
