Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2006-2286
Last Modified: 08 Sep 2011 12:00:00
Published: 09 May 2006 10:14:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-2286

Summary

Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php.

Vulnerable Systems

Application

  • Dokeos 1.6.3

  • Dokeos Community Release 2.0.3


References

XF - dokeos-multiple-file-include(25740)

VUPEN - ADV-2006-1303

CONFIRM - http://www.dokeos.com/wiki/index.php/Security

CONFIRM - http://www.dokeos.com/forum/viewtopic.php?t=6848

SECUNIA - 19576


Last Updated: 27 May 2016 10:42:24