Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1610

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-1610
Last Modified 22 Aug 2011 12:00:00
Published 04 Apr 2006 06:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1610

Summary

PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when register_globals is disabled.

Vulnerable Systems

Application

  • Squery 4.5


References

XF - squery-file-include(25605)

VUPEN - ADV-2006-1204

BID - 17434

BUGTRAQ - 20060401 SQuery <= 4.5 Remote File Inclusion Exploit

OSVDB - 24400

SECUNIA - 19482

MILW0RM - 1629


Last Updated: 27 May 2016 10:42:09