Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-3532
Last Modified 05 Sep 2008 05:07:23
Published 12 Jul 2006 05:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

Summary

PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via an FTP URL or full file path in the Paths[extensions_path] parameter.

Vulnerable Systems

Application

  • Pivot 1.30 RC2


References

BID - 18881

BUGTRAQ - 20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution

SECUNIA - 20962

MISC - http://retrogod.altervista.org/pivot_130RC2_xpl.html

XF - pivot-editnew-file-include(27679)

OSVDB - 27512

SREASON - 1214


Last Updated: 27 May 2016 10:43:02