ID CVE-2006-3172
Type cve
Reporter NVD
Modified 2017-07-19T21:32:06


Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/, (b) cms/plugins/poll/, (c) cms/plugins/user_managment/, (d) cms/plugins/user_managment/, (e) cms/plugins/media_manager/, (f) cms/plugins/events/, (g) cms/plugins/events/, and (h) cms/plugins/newsletter2/; (2) path[cb] parameter to (i) modules/guestbook/, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/; and the (3) rel parameter to (l) modules/download/, (m) modules/download/, (n) modules/article/, (o) modules/article/, (p) modules/article2/, (q) modules/article2/, (r) modules/article2/, (s) modules/headline/headlineBox.php, and (t) modules/headline/