Vulnerabilities

CVE-2006-2881

by Fred · 07/06/2006

Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.

Date published : 2006-06-07

http://www.securityfocus.com/bid/18278

http://www.securityfocus.com/archive/1/435991/100/0/threaded

Similar

Tags: Cybersecurity Alert