CVE-2006-5762 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5762
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5762

Description: PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29874 http://xforce.iss.net/xforce/xfdb/33196 VIM http://www.attrition.org/pipermail/vim/2007-March/001473.html SAID Secunia Advisory: SA22594 OSVDB 30143 MISC http://www.rahim.webd.pl/exploity/Exploits/111.txt MILW0RM http://www.milw0rm.com/exploits/3568 http://milw0rm.com/exploits/2670 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/463707/100/0/threaded BID 20781 23118

Return to the previous page.