Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1994
Last Modified 07 Mar 2011 09:34:45
Published 25 Apr 2006 08:50:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1994

Summary

PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.

Vulnerable Systems

Application

  • Dforum 1.5


References

VUPEN - ADV-2006-1482

BID - 17650

BUGTRAQ - 20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.

MISC - http://www.nukedx.com/?viewdoc=27

SECUNIA - 19788

XF - dforum-dforumpath-parameter-file-include(26035)


Last Updated: 27 May 2016 10:42:17