Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2735

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2735
Last Modified 07 Mar 2011 09:36:53
Published 01 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2735

Summary

PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.

Vulnerable Systems

Application

  • Activity Mod Plus 1.1.0


References

SECUNIA - 20354

VUPEN - ADV-2006-2045

BUGTRAQ - 20060529 RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability

BUGTRAQ - 20060528 Advisory: phpBB 2.x (Activity MOD Plus) File InclusionVulnerability.

MISC - http://www.nukedx.com/?viewdoc=38

MISC - http://www.nukedx.com/?getxpl=38

CONFIRM - http://phpbb-tweaks.com/topics.html-p-17623#17623

XF - activitymodplus-multiple-file-include(26857)

BID - 18155

OSVDB - 25821

SREASON - 1001

FULLDISC - 20060528 Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.


Last Updated: 27 May 2016 10:42:44