Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3107


Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3107
Last Modified 05 Sep 2008 05:06:15
Published 20 Jun 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/ NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.

Vulnerable Systems


  • Docebo 3.0.3


OSVDB - 26709

OSVDB - 26708

OSVDB - 26707

SECTRACK - 1016259

XF - docebo-multiple-file-include(26633)

Last Updated: 27 May 2016 10:42:53