Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3421

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3421
Last Modified 05 Sep 2008 05:07:06
Published 06 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3421

Summary

PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.

Vulnerable Systems

Application

  • Smartsitecms 1.0


References

BUGTRAQ - 20060627 smartsite cms v1.0 Remote File include

OSVDB - 26751

OSVDB - 26750

OSVDB - 26749

OSVDB - 26748

SECTRACK - 1016411

BID - 18697

OSVDB - 26752

SREASON - 1198


Last Updated: 27 May 2016 10:43:00