CVE-2006-6738

Properties

Published:
25.12.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Product:
cwm-design: cwmCounter

Vulnerability description

PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

References:

Milw0rm: http://www.milw0rm.com/exploits/2960
BID: http://www.securityfocus.com/bid/21671
FRSIRT: http://www.frsirt.com/english/advisories/2006/5083
SECUNIA: http://secunia.com/advisories/23442
MILW0RM: http://milw0rm.com/exploits/2960