CVE-2006-4837

2006-09-15T18:07:00
ID CVE-2006-4837
Type cve
Reporter NVD
Modified 2017-10-18T21:29:25

Description

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.