2 matches found
CVE-2006-6739
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTPDOCUMENTROOT parameter, a different vector than CVE-2006-6689...
CVE-2006-6739
CVE-2006-6739 describes a PHP remote file inclusion in Paristemi 0.8.3, specifically the buycd.php component. The root cause is unsafe handling of a URL provided via the HTTP_DOCUMENT_ROOT parameter, allowing an attacker to include arbitrary PHP code and potentially execute it on the server. The ...