CVE-2006-4719

Properties

Published:
11.09.2006
Updated:
20.10.2017
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Product:
myabracadaweb: myabracadaweb

Vulnerability description

Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.

References:

VIM: http://attrition.org/pipermail/vim/2006-September/001027.html
BID: http://www.securityfocus.com/bid/19944
VUPEN: http://www.vupen.com/english/advisories/2006/3544
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/28851
EXPLOIT-DB: https://www.exploit-db.com/exploits/2335