Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2730

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2730
Last Modified 07 Mar 2011 09:36:52
Published 01 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2730

Summary

PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.

Vulnerable Systems

Application

  • Hot Open Tickets 2f 2004-11-01


References

VUPEN - ADV-2006-2022

BID - 18137

SECUNIA - 20331

MILW0RM - 1835

XF - hot-classpath-file-include(26934)


Last Updated: 27 May 2016 10:42:44