Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0945

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-0945
Last Modified 23 Aug 2011 12:00:00
Published 28 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0945

Summary

PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter.

Vulnerable Systems

Application

  • Archangelmgt Weblog 0.90.02


References

XF - archangel-index-file-include(25142)

XF - archangel-admin-auth-bypass(24984)

BID - 16848

BUGTRAQ - 20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion

OSVDB - 23621

SECTRACK - 1015689

XF - archangel-get-gain-access(24984)


Last Updated: 27 May 2016 10:42:34