Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3554

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3554
Last Modified 07 Mar 2011 09:38:53
Published 12 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3554

Summary

Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.

Vulnerable Systems

Application

  • Mkportal 1.0.1 Final


References

SECUNIA - 20884

MISC - http://www.worlddefacers.de/Public/WD-MKP.txt

VUPEN - ADV-2006-2598

BUGTRAQ - 20060628 MKPortal 1.0.1 Final ($ind) File Include Vulnerability (perl)

SECTRACK - 1016403

XF - mkportal-index-file-include(27451)

BID - 18707

SREASON - 1234


Last Updated: 27 May 2016 10:43:02