CVE-2006-0625
CVE-2006-0625
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27172unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://retrogod.altervista.org/spip_182g_shell_inj_xpl.htmlhttp://secunia.com/advisories/18676http://securitytracker.com/id?1015602https://exchange.xforce.ibmcloud.com/vulnerabilities/24600http://www.osvdb.org/23086http://www.securityfocus.com/bid/16556http://www.vupen.com/english/advisories/2006/0483