CVE-2006-2811

EPSS 17.1%

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.

Affected products

n/a · n/a

public PoCs found — 8

exploitdbwww.exploit-db.com/exploits/27949unverified exploitdbwww.exploit-db.com/exploits/27956unverified exploitdbwww.exploit-db.com/exploits/27955unverified exploitdbwww.exploit-db.com/exploits/27954unverified exploitdbwww.exploit-db.com/exploits/27953unverified exploitdbwww.exploit-db.com/exploits/27952unverified exploitdbwww.exploit-db.com/exploits/27951unverified exploitdbwww.exploit-db.com/exploits/27950unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/1033 https://exchange.xforce.ibmcloud.com/vulnerabilities/26981 http://www.osvdb.org/27209 http://www.osvdb.org/27211 http://www.osvdb.org/27212 http://www.osvdb.org/27213 http://www.osvdb.org/27214 http://www.osvdb.org/27215 http://www.osvdb.org/27216 http://www.osvdb.org/27217 http://www.osvdb.org/27218 http://www.osvdb.org/27219