Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0565

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0565
Last Modified 23 Aug 2011 12:00:00
Published 06 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0565

Summary

PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.

Vulnerable Systems

Application

  • Gerrit Van Aaken Loudblog 0.1

  • Gerrit Van Aaken Loudblog 0.2

  • Gerrit Van Aaken Loudblog 0.3

  • Gerrit Van Aaken Loudblog 0.4


References

XF - louadblog-backendsettings-file-include(24479)

VUPEN - ADV-2006-0441

BID - 16495

BUGTRAQ - 20060204 LoudBlog <= 0.4 arbitrary remote inclusion

OSVDB - 22921

SECTRACK - 1015583

SREASON - 556

SREASON - 410

SECUNIA - 18722

MISC - http://retrogod.altervista.org/loudblog_04_incl_xpl.html

XF - loudblog-backendsettings-file-include(24479)


Last Updated: 27 May 2016 10:42:34