CVE-2006-6763

Properties

Published:
25.12.2006
Updated:
26.12.2006
Patch available:

Vulnerability description

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/455198/100/0/threaded
http://www.security.nnov.ru/Pdocument470.html: http://www.security.nnov.ru/Pdocument470.html