CVE-2006-2608

2006-05-26T01:06:00
ID CVE-2006-2608
Type cve
Reporter cve@mitre.org
Modified 2018-10-18T16:40:00

Description

artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.