Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0325

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0325
Last Modified 08 Dec 2011 12:00:00
Published 20 Jan 2006 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0325

Summary

Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.

Vulnerable Systems

Application

  • Etomite 0.6


References

XF - etomite-default-backdoor(24254)

SECUNIA - 18556

VUPEN - ADV-2006-0283

BID - 16336

BUGTRAQ - 20060130 Etomite followup information

BUGTRAQ - 20060127 Etomite CMS

OSVDB - 22693

MISC - http://www.lucaercoli.it/advs/etomite.txt

CONFIRM - http://www.etomite.org/forums/index.php?showtopic=4291

CONFIRM - http://www.etomite.org/forums/index.php?showtopic=4185

BUGTRAQ - 20060127 Etomite CMS "Backdoored"


Last Updated: 27 May 2016 10:44:52