|
CVE Reference: CVE-2006-5137
|
|
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.
|
|
Original Page at CVE MITRE:
CVE-2006-5137
|
|
Description:
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
|
|
CVE Status:
Candidate
|
|
References:
XF http://xforce.iss.net/xforce/xfdb/29274
SREASON http://securityreason.com/securityalert/1676
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447359/100/0/threaded
BID 20266
|
|
|
Return to the previous page.
|