Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2576

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2576
Last Modified 07 Mar 2011 09:36:32
Published 24 May 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2576

Summary

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability.

Vulnerable Systems

Application

  • Docebo 3.0.3


References

VUPEN - ADV-2006-1935

SECUNIA - 20260

MILW0RM - 1817

XF - docebo-multiple-file-include(26633)

OSVDB - 26711

OSVDB - 25757

BUGTRAQ - 20060609 Docebo Kms 3.0.3, Remote command execution


Last Updated: 27 May 2016 10:42:40