QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-6390

Back to search

CVE-2006-6390

Published: Dec 8, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts.

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2006-4835
vdb-entry
x_refsource_VUPEN
2889
exploit
x_refsource_EXPLOIT-DB
21411
vdb-entry
x_refsource_BID
23168
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now