DotClear layout/prepend.php log_dc_path Variable Remote File Inclusion

ID OSVDB:25977
Type osvdb
Reporter OSVDB
Modified 2006-06-03T09:20:07


Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002). Additionally, the 'allow_url_fopen' PHP option must be set to 'on'.


Vendor URL: Secunia Advisory ID:20437 Other Advisory URL: Mail List Post: FrSIRT Advisory: ADV-2006-2137 CVE-2006-2866 Bugtraq ID: 18259