CVE-2006-4898

Properties

Published: 18.09.2006
Updated: 22.09.2006
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product: guanxiCRM: guanxiCRM Business Solution

Vulnerability description

PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.

References:

http://www.milw0rm.com/exploits/2381
BID: http://www.securityfocus.com/bid/20071
XF: http://xforce.iss.net/xforce/xfdb/28994