Back to search
CVE-2006-6975
Published: Feb 8, 2007
Modified: Jan 17, 2025
PUBLISHED
Description
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
mailing-list
x_refsource_BUGTRAQ
20061028 CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
mailing-list
x_refsource_BUGTRAQ
20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
mailing-list
x_refsource_BUGTRAQ
31638
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now