2 matches found
CVE-2006-0687
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable...
CVE-2006-0687
CVE-2006-0687 concerns DocMGR 0.54.2. A flaw in process.php leaves the local variable $siteModInfo uninitialized, enabling a remote attacker to abuse a modified includeModule and siteModInfo to include arbitrary local files (and possibly remote files). The vulnerability arises from direct request...