Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-3193
Last Modified 08 Sep 2011 12:00:00
Published 22 Jun 2006 08:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3193

Summary

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.

Vulnerable Systems

Application

  • Grayscale BandSite CMS 1.1.1


References

VUPEN - ADV-2006-2462

BID - 18555

OSVDB - 27252

OSVDB - 27251

OSVDB - 27250

OSVDB - 27249

OSVDB - 27248

OSVDB - 27247

OSVDB - 27246

OSVDB - 27245

OSVDB - 27244

OSVDB - 27243

OSVDB - 27242

OSVDB - 27241

OSVDB - 27240

OSVDB - 27239

OSVDB - 27238

OSVDB - 27237

OSVDB - 27236

OSVDB - 27235

OSVDB - 27234

OSVDB - 27233

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=428062

SECUNIA - 20768

MILW0RM - 1933


Last Updated: 27 May 2016 10:42:54