CVE-2006-5899

PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and...

CVE-2006-5899

The CVE-2006-5899 issue is a PHP remote file inclusion in @cid stats 2.3 via the repertoire parameter of install.php3, enabling remote code execution. The root cause is the presence of install.php3 that can be invoked with a URL parameter to include arbitrary PHP code. The notes in sources indica...

PT-2006-6566 · @Cid · @Cid Stats

Name of the Vulnerable Software and Affected Versions: @cid stats version 2.3 Description: A remote file inclusion issue in install.php3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. Note that this issue has been disputed by a third party, who claims...

cidstats.txt

@cid stats v2.3 File Include Source Code: http://www.comscripts.com/jump.php?action=script&id=1115 Vulnerable Code: install.php3 In Line 41 : require"'.$repertoire."/".'statsfonctions.php3 Exploit : http://www.VicTim.com/@/install.php3?repertoire=ShElL.txt? Discoverd By : Mahmoodali Special...

@cid stats v2.3 File Include

@cid stats v2.3 File Include Source Code: http://www.comscripts.com/jump.php?action=script&id=1115 Vulnerable Code: install.php3 In Line 41 : require"'.$repertoire."/".'statsfonctions.php3 Exploit : http://www.VicTim.com/@/install.php3?repertoire=ShElL.txt? Discoverd By : Mahmoodali Special...

@cid Stats 2.3 - 'Install.php3' Remote File Inclusion

source: https://www.securityfocus.com/bid/20925/info The '@cid stats' program is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other...