Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-2922
Last Modified 07 Mar 2011 09:37:18
Published 09 Jun 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2922

Summary

Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php.

Vulnerable Systems

Application

  • Miraksgalerie 2.62


References

VUPEN - ADV-2006-2187

BUGTRAQ - 20060607 MiraksGalerie <= 2.62 Multiple Remote command execution

SECUNIA - 20475

XF - miraksgalerie-multiple-file-include(27010)

BID - 18313

OSVDB - 26196

OSVDB - 26195

OSVDB - 26194

SECTRACK - 1016249


Last Updated: 27 May 2016 10:42:48