CVE-2006-6739

Properties

Published:
25.12.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Product:
Paristemi: Paristemi

Vulnerability description

PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.

References:

Milw0rm: http://www.milw0rm.com/exploits/2955
BID: http://www.securityfocus.com/bid/21665
MILW0RM: http://milw0rm.com/exploits/2955