QwikSec

Security Database

CVE

CWE

Training

CVE-2006-5768

Published: Nov 6, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://advisories.echo.or.id/adv/adv58-theday-2006.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

http://translate.google.com/translate?hl=en&sl=fr&u=http://www.cyberfolio.org/

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

20061106 [ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

cyberfolio-av-file-include(30033)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.