QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-5421

Back to search

CVE-2006-5421

Published: Oct 20, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability.

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2006-4081
vdb-entry
x_refsource_VUPEN
22360
third-party-advisory
x_refsource_SECUNIA
20586
vdb-entry
x_refsource_BID
2583
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now