CVE-2006-6740 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-6740
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6740

Description: Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30997 VIM http://www.attrition.org/pipermail/vim/2007-March/001401.html SAID Secunia Advisory: SA23423 OSVDB 32363 32364 32365 32366 32367 32368 32369 32370 32371 32372 32373 32374 32375 32376 MISC http://www.milw0rm.com/exploits/2956 CONFIRM http://linuxwebshop.com/forum/viewtopic.php?t=40 BID 21667

Return to the previous page.