CVE-2006-2768

2006-06-02T10:18:00
ID CVE-2006-2768
Type cve
Reporter cve@mitre.org
Modified 2017-10-19T01:29:00

Description

PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php. Successful exploitation requires that "register_globals" is enabled.