Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2507

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2507
Last Modified 07 Mar 2011 09:36:19
Published 22 May 2006 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2507

Summary

Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.

Vulnerable Systems

Application

  • Teake Nutma Foing 0.2.0

  • Teake Nutma Foing 0.3.0

  • Teake Nutma Foing 0.4.0

  • Teake Nutma Foing 0.5.0

  • Teake Nutma Foing 0.6.0

  • Teake Nutma Foing 0.7.0


References

XF - foing-phpbb-multiple-file-include(26425)

VUPEN - ADV-2006-1793

BID - 17963

BUGTRAQ - 20060512 [Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB]

SECUNIA - 20092

MISC - http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html

BUGTRAQ - 20060529 Foing Remote File Include Vulnerability [PHPBB]

OSVDB - 25564

SREASON - 932


Last Updated: 27 May 2016 10:42:39