CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.

Date published : 2006-01-11

http://www.securityfocus.com/bid/17469

http://sourceforge.net/project/shownotes.php?release_id=384232