Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1149

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1149
Last Modified 07 Mar 2011 09:32:09
Published 10 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1149

Summary

PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.

Vulnerable Systems

Application

  • Owl Intranet Engine 0.6

  • Owl Intranet Engine 0.72

  • Owl Intranet Engine 0.73

  • Owl Intranet Engine 0.8

  • Owl Intranet Engine 0.82


References

XF - owl-intranet-owlapi-file-include(25082)

VUPEN - ADV-2006-0868

OSVDB - 23734

SECUNIA - 19142

MILW0RM - 1561

BID - 17021


Last Updated: 27 May 2016 10:41:56