Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2006-2852
Last Modified: 07 Mar 2011 12:00:00
Published: 06 Jun 2006 04:06:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-2852

Summary

PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php.

Vulnerable Systems

Application

  • dotWidget CMS 1.0.6


References

XF - dotwidget-filepath-file-include(26918)

VUPEN - ADV-2006-2141

BID - 18258

BUGTRAQ - 20060603 [MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability

OSVDB - 25982

OSVDB - 25983

OSVDB - 25981

MISC - http://www.majorsecurity.de/advisory/major_rls7.txt

SECTRACK - 1016220

SREASON - 1045

SECUNIA - 20463


Last Updated: 27 May 2016 10:42:46