Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2578

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2578
Last Modified 07 Mar 2011 09:36:32
Published 24 May 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2578

Summary

admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.

Vulnerable Systems

Application

  • Esyndicat Directory 1.2


References

VUPEN - ADV-2006-1983

XF - esyndicat-directory-cron-file-include(26663)

SECUNIA - 20218

MISC - http://pridels0.blogspot.com/2006/05/esyndicat-directory-software-local.html


Last Updated: 27 May 2016 10:42:40