Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2872

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2872
Last Modified 05 Sep 2008 05:05:39
Published 06 Jun 2006 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2872

Summary

PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter.

Vulnerable Systems

Application

  • Rumble 1.02


References

BUGTRAQ - 20060604 # MHG Security Team ---Rumble 1.02 version Remote File Inc.

VIM - 20060605 # MHG Security Team ---Rumble 1.02 version Remote File Inc.

XF - rumble-config-file-include(26930)

SREASON - 1050


Last Updated: 27 May 2016 10:42:48