Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1154

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1154
Last Modified 23 Aug 2011 12:00:00
Published 10 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1154

Summary

PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.

Vulnerable Systems

Application

  • Fscripts Fantastic News 2.1.1

  • Fscripts Fantastic News 2.1.2

  • Fscripts Fantastic News 2.1.4


References

XF - fantasticnews-configscriptpath-file-include(31121)

XF - fantasticnews-archive-file-include(25064)

VUPEN - ADV-2006-3513

VUPEN - ADV-2006-0826

BID - 21796

BID - 16985

MILW0RM - 3027

MISC - http://sx02.coresec.de/advisories/152.txt

SECUNIA - 23519

SECUNIA - 21807


Last Updated: 27 May 2016 10:41:56