CVE-2006-5911
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
Affected products
n/a · n/a
Public PoCs found: 38
exploitdb  www.exploit-db.com/exploits/30003  unverified
exploitdb  www.exploit-db.com/exploits/30004  unverified
exploitdb  www.exploit-db.com/exploits/29966  unverified
exploitdb  www.exploit-db.com/exploits/29967  unverified
exploitdb  www.exploit-db.com/exploits/29968  unverified
exploitdb  www.exploit-db.com/exploits/29969  unverified
exploitdb  www.exploit-db.com/exploits/29970  unverified
exploitdb  www.exploit-db.com/exploits/29971  unverified
exploitdb  www.exploit-db.com/exploits/29972  unverified
exploitdb  www.exploit-db.com/exploits/29973  unverified
exploitdb  www.exploit-db.com/exploits/29974  unverified
exploitdb  www.exploit-db.com/exploits/29975  unverified
exploitdb  www.exploit-db.com/exploits/29976  unverified
exploitdb  www.exploit-db.com/exploits/29977  unverified
exploitdb  www.exploit-db.com/exploits/29978  unverified
exploitdb  www.exploit-db.com/exploits/29979  unverified
exploitdb  www.exploit-db.com/exploits/29981  unverified
exploitdb  www.exploit-db.com/exploits/29980  unverified
exploitdb  www.exploit-db.com/exploits/29982  unverified
exploitdb  www.exploit-db.com/exploits/29983  unverified
exploitdb  www.exploit-db.com/exploits/29984  unverified
exploitdb  www.exploit-db.com/exploits/30005  unverified
exploitdb  www.exploit-db.com/exploits/30006  unverified
exploitdb  www.exploit-db.com/exploits/29985  unverified
exploitdb  www.exploit-db.com/exploits/29986  unverified
exploitdb  www.exploit-db.com/exploits/29987  unverified
exploitdb  www.exploit-db.com/exploits/29988  unverified
exploitdb  www.exploit-db.com/exploits/29989  unverified
exploitdb  www.exploit-db.com/exploits/29990  unverified
exploitdb  www.exploit-db.com/exploits/29991  unverified
exploitdb  www.exploit-db.com/exploits/29992  unverified
exploitdb  www.exploit-db.com/exploits/29993  unverified
exploitdb  www.exploit-db.com/exploits/29994  unverified
exploitdb  www.exploit-db.com/exploits/29995  unverified
exploitdb  www.exploit-db.com/exploits/29996  unverified
exploitdb  www.exploit-db.com/exploits/29997  unverified
exploitdb  www.exploit-db.com/exploits/29998  unverified
exploitdb  www.exploit-db.com/exploits/29999  unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://code.campware.org/projects/campsite/changeset/6057
http://code.campware.org/projects/campsite/changeset/6058
http://code.campware.org/projects/campsite/query?milestone=2.6.2
http://code.campware.org/projects/campsite/ticket/2349
http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936
http://www.osvdb.org/34187
http://www.osvdb.org/34188
http://www.osvdb.org/34189
http://www.osvdb.org/34190
http://www.osvdb.org/34191
http://www.osvdb.org/34192
http://www.osvdb.org/34193