CVE-2006-2315

by Fred · 11/05/2006

** DISPUTED **

PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled.

Date published : 2006-05-11

http://www.securityfocus.com/bid/17909

http://www.securityfocus.com/archive/1/437456/100/200/threaded

CVE-2006-2315

Similar

Recent Posts

Categories

CVE-2006-2315

Share this:

Similar

Recent Posts

Categories

Tags