Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0687

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0687
Last Modified 07 Mar 2011 09:30:36
Published 14 Feb 2006 07:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0687

Summary

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.

Vulnerable Systems

Application

  • Docmgr 0.54.2


References

VUPEN - ADV-2006-0544

SECUNIA - 18803

MISC - http://retrogod.altervista.org/docmgr_0542_incl_xpl.html

XF - docmgr-process-file-include(24694)

BID - 16601

BUGTRAQ - 20060212 DocMGR <= 0.54.2 arbitrary remote inclusion

SREASON - 428


Last Updated: 27 May 2016 10:41:46