Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2006-2158
Last Modified: 07 Mar 2011 09:35:27
Published: 03 May 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2158

Summary

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

Vulnerable Systems

Application

  • Stadtaus Guestbook Script 1.7


References

VUPEN - ADV-2006-1660

MISC - http://www.stadtaus.com/forum/t-2600.html

MISC - http://retrogod.altervista.org/gbs_17_xpl_pl.html

XF - guestbook-includefiles-file-include(26252)

BID - 17845

SECUNIA - 19957


Last Updated: 27 May 2016 10:42:21