CVE-2006-0881

EPSS 7.5%

Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/27262unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securitytracker.com/id?1015667 https://exchange.xforce.ibmcloud.com/vulnerabilities/24899 http://www.kapda.ir/advisory-268.html http://www.securityfocus.com/archive/1/425783/100/0/threaded http://www.securityfocus.com/bid/16780 http://www.vupen.com/english/advisories/2006/0703