Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2006-3266
Last Modified: 07 Mar 2011 09:38:14
Published: 27 Jun 2006 05:05:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-3266

Summary

Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.

Vulnerable Systems

Application

  • Magnet Bee-hive Lite 1.2


References

VUPEN - ADV-2006-2516

SECUNIA - 20814

MILW0RM - 1951

XF - beehive-multiple-scripts-file-include(27386)

BID - 18654

OSVDB - 26824

OSVDB - 26823

OSVDB - 26822

OSVDB - 26821

OSVDB - 26820

OSVDB - 26819

OSVDB - 26818

OSVDB - 26817

OSVDB - 26816

OSVDB - 26815


Last Updated: 27 May 2016 10:42:57