CVE-2006-5816

Properties

Published:
07.11.2006
Updated:
22.10.2018
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
dmitry_sheiko: business_card_web_builder

Vulnerability description

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946.

References:

SREASON: http://securityreason.com/securityalert/1836
BUGTRAQ: http://www.securityfocus.com/archive/1/450069/100/100/threaded
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/29905