CVE-2006-2516

Date: (C)2006-05-22   (M)2017-10-19
 
CVSS Score: 5.1
Exploitability Subscore: 4.9
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.

Reference:
BID-18061
EXPLOIT-DB-1811
http://www.securityfocus.com/archive/1/archive/1/434698/100/0/threaded
SECUNIA-20176
OSVDB-25683
SREASON-934
ADV-2006-1895

CWE:
CWE-22

© 2013 SecPod Technologies