QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-3266

Back to search

CVE-2006-3266

Published: Jun 27, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

26822
vdb-entry
x_refsource_OSVDB
26819
vdb-entry
x_refsource_OSVDB
18654
vdb-entry
x_refsource_BID
26818
vdb-entry
x_refsource_OSVDB
ADV-2006-2516
vdb-entry
x_refsource_VUPEN
26824
vdb-entry
x_refsource_OSVDB
20814
third-party-advisory
x_refsource_SECUNIA
26815
vdb-entry
x_refsource_OSVDB
26821
vdb-entry
x_refsource_OSVDB
1951
exploit
x_refsource_EXPLOIT-DB
26820
vdb-entry
x_refsource_OSVDB
26816
vdb-entry
x_refsource_OSVDB
26817
vdb-entry
x_refsource_OSVDB
26823
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now