4 matches found
CVE-2006-5899
PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and...
CVE-2006-5899
The CVE-2006-5899 issue is a PHP remote file inclusion in @cid stats 2.3 via the repertoire parameter of install.php3, enabling remote code execution. The root cause is the presence of install.php3 that can be invoked with a URL parameter to include arbitrary PHP code. The notes in sources indica...
CVE-2006-5899
PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and...
@cid Stats 2.3 - 'Install.php3' Remote File Inclusion
source: https://www.securityfocus.com/bid/20925/info The '@cid stats' program is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other...