Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3571

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3571
Last Modified 23 Aug 2011 12:00:00
Published 16 Nov 2005 02:42:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3571

Summary

PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.

Vulnerable Systems

Application

  • Codegrrl Phpcalendar 1.0

  • Codegrrl Phpclique 1.0

  • Codegrrl Phpcurrently 2.0

  • Codegrrl Phpfanbase 2.2

  • Codegrrl Phpquotes 1.0


References

VUPEN - ADV-2005-2402

BID - 21664

BID - 15417

SECTRACK - 1015206

SREASON - 176

SECUNIA - 17542

BUGTRAQ - 20051113 PHPCalendar (and some more codegrrl.com products) arbitrary code


Last Updated: 27 May 2016 10:40:58