Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2768

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2768
Last Modified 07 Mar 2011 09:36:59
Published 02 Jun 2006 06:18:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2768

Summary

PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.

Vulnerable Systems

Application

  • Ipw Systems Metajour 2.1


References

VUPEN - ADV-2006-2077

BID - 18211

SECUNIA - 20404

MILW0RM - 1855

XF - metajour-systempath-file-include(26892)


Last Updated: 27 May 2016 10:42:45