3 matches found
CVE-2006-7184
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine EE 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to 1 fetchsettings.php or 2 fstyles.php. NOTE: the provenance of this information is unknown; the details are...
CVE-2006-7184
Exhibit Engine (EE) vulnerable to remote file inclusion via the toroot parameter in fetchsettings.php and fstyles.php (EE 1.22 and possibly earlier). Root cause: inadequate input sanitization when including PHP code, permitting an attacker to cause arbitrary code execution if PHP register_globals...
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
The remote web server is running Exhibit Engine, a PHP based photo gallery management system. The version of Exhibit Engine installed on the remote host fails to sanitize input to the 'toroot' parameter before using it in the 'styles.php' script to include PHP code. Provided PHP's 'registerglobal...