2 matches found
CVE-2006-4621
CVE-2006-4621 describes a PHP remote file inclusion in Pheap CMS: settings.php in Pheap 1.2 and earlier, allowing arbitrary PHP execution via a URL in the lpref parameter. The same lib/config.php vector is noted as covered by CVE-2006-4531. Connected records confirm affected software (Pheap CMS),...
CVE-2006-4531
Vulnerability: PHP remote file inclusion in Pheap CMS 1.1 and earlier. Product: Pheap CMS, file lib/config.php; vector: lpref parameter taking a URL to include, enabling remote PHP code execution. Impact: potential arbitrary PHP execution on affected installations. Root cause: unsafely including ...