CVE-2006-5308 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5308
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5308

Description: Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29517 ST 1017071 SAID Secunia Advisory: SA22412 MISC http://www.milw0rm.com/exploits/2536 http://isc.sans.org/diary.php?storyid=1791 CONFIRM http://pkp.sfu.ca:8043/bugzilla/attachment.cgi?id=90 http://pkp.sfu.ca/ocs_download http://pkp.sfu.ca:8043/bugzilla/show_bug.cgi?id=2436 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/448548/100/0/threaded BID 20567

Return to the previous page.