CVE-2006-0479
CVE-2006-0479
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27147unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.htmlhttp://secunia.com/advisories/18634http://securitytracker.com/id?1015550https://exchange.xforce.ibmcloud.com/vulnerabilities/24366https://exchange.xforce.ibmcloud.com/vulnerabilities/24367https://exchange.xforce.ibmcloud.com/vulnerabilities/24368http://www.securityfocus.com/bid/16421http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/http://www.vupen.com/english/advisories/2006/0375