Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-3069
Last Modified: 05 Sep 2008 05:06:10
Published: 19 Jun 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3069

Summary

** DISPUTED ** PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used.

Vulnerable Systems

Application

  • Iglooweb Doublespeak 0.1


References

BID - 18401

OSVDB - 27436

SECTRACK - 1016278

VIM - 20060723 Igloo DoublSpeak vuln

BUGTRAQ - 20060612 Re: igloo DoubleSpeak v 0.1 Multiple remote file inclusion


Last Updated: 27 May 2016 10:42:52