CVE-2006-2686 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2686
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2686

Description: PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26776 SAID Secunia Advisory: SA20299 OSVDB 27309 27308 27306 27299 27291 27290 27289 27271 27270 27265 27264 27304 27296 27295 27294 27293 27292 27288 27287 27286 27284 27283 27281 27280 27279 27278 27277 27276 27274 27273 27272 27269 27268 27267 27266 27259 27258 27254 27253 27310 27305 27303 27302 27301 27298 27300 27282 27285 27297 27275 27263 27262 27261 27260 27257 27256 MILW0RM http://milw0rm.com/exploits/1829 BID 19133

Return to the previous page.