CVE-2006-4026 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-4026
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4026

Description: PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28250 ST 1016650 SREASON http://securityreason.com/securityalert/1346 SAID Secunia Advisory: SA21410 MILW0RM http://milw0rm.com/exploits/2128 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/442425/100/0/threaded BID 19383

Return to the previous page.