Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0644

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0644
Last Modified 05 Sep 2008 04:59:49
Published 10 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0644

Summary

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.

Vulnerable Systems

Application

  • Cpg-nuke Dragonfly Cms 9.0.6 .1


References

BID - 16546

BUGTRAQ - 20060208 CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion

OSVDB - 23058

SECTRACK - 1015601

MISC - http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html

CONFIRM - http://dragonflycms.org/Forums/viewtopic/p=98034.html#98034

CONFIRM - http://dragonflycms.org/Forums/viewtopic/p=98034.html

XF - cpg-dragonfly-file-include(24660)


Last Updated: 27 May 2016 10:41:44