CVE-2006-2928
CMS-Bandits 2.5 and earlier are affected by multiple PHP remote file inclusion vulnerabilities when register_globals is enabled. The issue allows remote attackers to execute arbitrary PHP code by supplying a crafted URL in the spaw_root parameter of dialogs/img.php and dialogs/td.php. Root cause:...