3 matches found
Cross site request forgery (csrf)
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable...
CVE-2006-0687
CVE-2006-0687 concerns DocMGR 0.54.2. A flaw in process.php leaves the local variable $siteModInfo uninitialized, enabling a remote attacker to abuse a modified includeModule and siteModInfo to include arbitrary local files (and possibly remote files). The vulnerability arises from direct request...
DocMGR 0.54.2 - file_exists Remote Command Execution
DocMGR 0.54.2 - file_exists Remote Command Execution works against PHP5, with short_open_tag = On and register_globals = On. Usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The quality of decision is like the well-timed swoop of a falcon which enables it to strike and destroy i...