Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-2811
Last Modified: 05 Sep 2008 05:05:30
Published: 05 Jun 2006 01:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2811

Summary

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.

Vulnerable Systems

Application

  • Cantico Ovidentia 5.8.0


References

BUGTRAQ - 20060531 multiple file inclusion exploits in ovidentia v5.8.0

XF - ovidentia-multiple-scripts-file-include(26981)

BID - 18232

BUGTRAQ - 20070209 Ovidentia Exploit Codeds

BUGTRAQ - 20070114 Ovidentia 5.6x Series Remote File İnclude

OSVDB - 27229

OSVDB - 27228

OSVDB - 27227

OSVDB - 27226

OSVDB - 27225

OSVDB - 27224

OSVDB - 27223

OSVDB - 27222

OSVDB - 27221

OSVDB - 27220

OSVDB - 27219

OSVDB - 27218

OSVDB - 27217

OSVDB - 27216

OSVDB - 27215

OSVDB - 27214

OSVDB - 27213

OSVDB - 27212

OSVDB - 27211

OSVDB - 27209

SREASON - 1033


Last Updated: 27 May 2016 10:42:46