Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1203

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1203
Last Modified 05 Sep 2008 05:01:17
Published 13 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1203

Summary

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php.

Vulnerable Systems

Application

  • Txtforum 1.0.4 Dev


References

BUGTRAQ - 20060309 txtForum: Script Injection Vulnerability

MISC - http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-004.txt

XF - txtforum-login-file-include(25131)

BID - 17061

OSVDB - 23952


Last Updated: 27 May 2016 10:41:58