3 matches found
CVE-2006-3850
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/oldsettings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the...
CVE-2006-3850
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/oldsettings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the...
CVE-2006-3850
Vanilla CMS 1.0.1 and earlier contains a remote file inclusion vulnerability in upgrader.php when /conf/old_settings.php exists. An attacker can dereference a URL in the RootDirectory parameter to execute arbitrary PHP code. The issue has been disputed for version 1.0 (some sources state the Root...