Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2736

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2736
Last Modified 07 Mar 2011 09:36:53
Published 01 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2736

Summary

PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.

Vulnerable Systems

Application

  • Phpbb-portal Blend Portal 1.2.0


References

SECUNIA - 20350

VUPEN - ADV-2006-2044

BID - 18153

BUGTRAQ - 20060529 RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability

BUGTRAQ - 20060528 Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability

MISC - http://www.nukedx.com/?viewdoc=41

MISC - http://www.nukedx.com/?getxpl=41

CONFIRM - http://phpbb-tweaks.com/topics.html-p-17623#17623

XF - blendportal-phpbb-file-include(26890)

SREASON - 1001


Last Updated: 27 May 2016 10:42:44