
CVE-2006-2516

Date: (C)2006-05-22   (M)2017-10-19 


mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.

CVSS Score: 5.1
Exploit Score: 4.9
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
BID-18061
EXPLOIT-DB-1811
http://www.securityfocus.com/archive/1/archive/1/434698/100/0/threaded
SECUNIA-20176
OSVDB-25683
SREASON-934
ADV-2006-1895

CWE:
CWE-22

© 2013 SecPod Technologies