Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-0479
Last Modified: 07 Mar 2011 09:30:08
Published: 31 Jan 2006 06:03:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-0479

Summary

pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables. By setting both a GPC variable and a GLOBALS[] variable with the same name, an attacker causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).

Vulnerable Systems

Application

  • Pmwiki 2.1 Beta 20


References

XF - pmwiki-multiple-xss(24368)

XF - pmwiki-file-include(24367)

XF - pmwiki-path-disclosure(24366)

VUPEN - ADV-2006-0375

MISC - http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/

BID - 16421

SECTRACK - 1015550

SECUNIA - 18634

FULLDISC - 20060128 PmWiki Multiple Vulnerabilities


Last Updated: 27 May 2016 10:41:40