Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities

====================================================================== Secunia Research 29/06/2006 - phpRaid SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...

CVE-2006-3317

PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraiddir parameter to 1 announcements.php and 2 rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116...

CVE-2006-3317

CVE-2006-3317 describes a PHP remote file inclusion vulnerability in phpRaid 3.0.6. The flaw allows an attacker to execute arbitrary code by supplying a URL in the phpraid_dir parameter to announcements.php or rss.php. This is a distinct set of vectors/affected versions compared to CVE-2006-3316 ...

CVE-2006-3317

PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraiddir parameter to 1 announcements.php and 2 rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116...