5 matches found
Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities
Secunia Research 29/06/2006 - phpRaid SQL Injection and File Inclusion Vulnerabilities - Table of Contents Affected...
CVE-2006-3115
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter...
CVE-2006-3115
The CVE-2006-3115 entry concerns phpRaid (versions around 3.0.4 onward). According to Secunia Research, there are SQL injection vulnerabilities in phpRaid's view.php where user-supplied input in the raid_id parameter is not properly sanitized before being used in SQL queries, enabling remote mani...
CVE-2006-3116
CVE-2006-3116 covers multiple PHP remote file inclusion vulnerabilities in phpRaid. Affected are phpRaid 3.0.4 and 3.0.5 (and related 3.0.6 in some vectors). The issue arises from unsafely using the phpraid_dir parameter to include files, enabling arbitrary PHP code execution when a URL is suppli...
CVE-2006-3116
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) luaoutput.php, (8) permissions.php, (9) profile.php, ...