CVE-2006-6771
CVE-2006-6771 affects Irokez CMS 0.7.1 and earlier. When register_globals is enabled, remote attackers can craft a URL to set GLOBALS[PTH] parameters to include PHP code, enabling remote code execution. Affected files include (1) scripts/gallery.scr.php (func), (2) scripts/xtextarea.scr.php (spaw...