CVE-2006-7044

PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro CMPRO 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter...

CVE-2006-7046

This CVE concerns a PHP remote file inclusion in Clan Manager Pro (CMPRO) 1.1.0. The vulnerable element is cmpro.intern/login.inc.php, where an attacker can cause arbitrary PHP code execution by supplying a URL in the rootpath parameter. The description and related records (NVD, Red Hat advisory,...

CVE-2006-7045

CVE-2006-7045 affects Clan Manager Pro (CMPRO) versions 1.1.0 and earlier. The vulnerability is a PHP remote file inclusion flaw that lets an attacker supply a URL via the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc...

CVE-2006-7044

The CVE-2006-7044 entry concerns Clan Manager Pro (CMPRO) up to version 1.11, where a PHP remote file inclusion flaw exists in comment.core.inc.php. The underlying issue allows an attacker to supply a URL via the sitepath parameter, enabling remote code execution on the affected server. The vulne...

cmpro-1.1.txt

Hi, http://sx02.coresec.de/advisories/149.txt -- cut here -- !/usr/bin/perl Clan Manager Pro CMPRO perl cmpro.pl http://localhost/path/to/cmpro.extern/ http://localhost/cmd.gif cmd cmd shell example: cmd variable: cmd; DORK: inurl:"cmpro.ext" Vulnerable code cmproheader.inc.php...

CVE-2006-2921

CVE-2006-2921 affects Clan Manager Pro (CMPRO) 1.1 and earlier. The vulnerability is a PHP remote file inclusion in cmpro_header.inc.php when register_globals is enabled, enabling an attacker to run arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. The provided do...