CVE-2006-3193
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
Affected products
n/a · n/a
Public PoCs found: 1
cve_reference · www.exploit-db.com/exploits/1933 · not verified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/20768
http://sourceforge.net/project/shownotes.php?release_id=428062
https://www.exploit-db.com/exploits/1933
http://www.osvdb.org/27233
http://www.osvdb.org/27234
http://www.osvdb.org/27235
http://www.osvdb.org/27236
http://www.osvdb.org/27237
http://www.osvdb.org/27238
http://www.osvdb.org/27239
http://www.osvdb.org/27240
http://www.osvdb.org/27241