QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1106

Published: Mar 25, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

advertisementmanager-index-file-include(55756)

vdb-entry

x_refsource_XF

http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.