Back to search
CVE-2006-0479
Published: Jan 31, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060128 PmWiki Multiple Vulnerabilities
mailing-list
x_refsource_FULLDISC
pmwiki-multiple-xss(24368)
vdb-entry
x_refsource_XF
18634
third-party-advisory
x_refsource_SECUNIA
http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/
x_refsource_MISC
pmwiki-file-include(24367)
vdb-entry
x_refsource_XF
1015550
vdb-entry
x_refsource_SECTRACK
16421
vdb-entry
x_refsource_BID
ADV-2006-0375
vdb-entry
x_refsource_VUPEN
pmwiki-path-disclosure(24366)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now