Back to search
CVE-2006-5507
Published: Oct 25, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29957
vdb-entry
x_refsource_OSVDB
der-dirigent-cfgdedi-file-include(29760)
vdb-entry
x_refsource_XF
29951
vdb-entry
x_refsource_OSVDB
ADV-2006-4164
vdb-entry
x_refsource_VUPEN
20702
vdb-entry
x_refsource_BID
29952
vdb-entry
x_refsource_OSVDB
29954
vdb-entry
x_refsource_OSVDB
29955
vdb-entry
x_refsource_OSVDB
29950
vdb-entry
x_refsource_OSVDB
29958
vdb-entry
x_refsource_OSVDB
29953
vdb-entry
x_refsource_OSVDB
29956
vdb-entry
x_refsource_OSVDB
29959
vdb-entry
x_refsource_OSVDB
http://packetstormsecurity.org/0610-exploits/Derdirigent.txt
x_refsource_MISC
22546
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now