CVE-2006-5762

2006-11-0623:00:00

mitre

www.cve.org

7.6 High

AI Score

Confidence

Low

0.684 Medium

EPSS

Percentile

98.0%

JSON

PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the “File Upload System” which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.

References

secunia.com/advisories/22594

www.attrition.org/pipermail/vim/2007-March/001473.html

www.osvdb.org/30143

www.rahim.webd.pl/exploity/Exploits/111.txt

www.securityfocus.com/archive/1/463707/100/0/threaded

www.securityfocus.com/bid/20781

www.securityfocus.com/bid/23118

www.vupen.com/english/advisories/2006/4228

exchange.xforce.ibmcloud.com/vulnerabilities/29874

exchange.xforce.ibmcloud.com/vulnerabilities/33196

www.exploit-db.com/exploits/2670

www.exploit-db.com/exploits/3568