|
|
CVE Reference: CVE-2006-6740 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-6740 |
|
|
Description: Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/30997 VIM http://www.attrition.org/pipermail/vim/2007-March/001401.html SAID Secunia Advisory: SA23423 OSVDB 32363 32364 32365 32366 32367 32368 32369 32370 32371 32372 32373 32374 32375 32376 MISC http://www.milw0rm.com/exploits/2956 CONFIRM http://linuxwebshop.com/forum/viewtopic.php?t=40 BID 21667 |
|
| Return to the previous page. |
