Back to search
CVE-2006-2424
Published: May 17, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.ezusermanager.com/security.php
x_refsource_CONFIRM
1795
exploit
x_refsource_EXPLOIT-DB
ezusermanager-coreinc-file-include(26470)
vdb-entry
x_refsource_XF
17998
vdb-entry
x_refsource_BID
25540
vdb-entry
x_refsource_OSVDB
20103
third-party-advisory
x_refsource_SECUNIA
ADV-2006-1826
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now