CVE-2006-5386

2006-10-1819:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

High

EPSS

0.039

Percentile

92.0%

JSON

PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter.

References

secunia.com/advisories/22403

www.vupen.com/english/advisories/2006/4044

exchange.xforce.ibmcloud.com/vulnerabilities/29553

www.exploit-db.com/exploits/2561