CVE-2006-2608

by Fred · 25/05/2006

artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.

Date published : 2006-05-25

http://www.securityfocus.com/bid/18047

http://www.securityfocus.com/archive/1/434738/100/0/threaded

CVE-2006-2608

Similar

Recent Posts

Categories

CVE-2006-2608

Share this:

Similar

Recent Posts

Categories

Tags