Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2682

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2682
Last Modified 07 Mar 2011 09:36:45
Published 31 May 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2682

Summary

PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.

Vulnerable Systems

Application

  • Back-end Cms 0.7.2.1


References

VUPEN - ADV-2006-1979

SECUNIA - 20292

MILW0RM - 1825

XF - backendcms-beconfig-file-inclusion(26699)


Last Updated: 27 May 2016 10:42:42