[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3193Date: (C)2006-06-22   (M)2023-12-22


Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-18555
EXPLOIT-DB-1933
SECUNIA-20768
OSVDB-27233
OSVDB-27234
OSVDB-27235
OSVDB-27236
OSVDB-27237
OSVDB-27238
OSVDB-27239
OSVDB-27240
OSVDB-27241
OSVDB-27242
OSVDB-27243
OSVDB-27244
OSVDB-27245
OSVDB-27246
OSVDB-27247
OSVDB-27248
OSVDB-27249
OSVDB-27250
OSVDB-27251
OSVDB-27252
ADV-2006-2462
http://sourceforge.net/project/shownotes.php?release_id=428062

CWE    1
CWE-94

© SecPod Technologies