2 matches found
CVE-2006-1704
The CVE-2006-1704 entry concerns Sire 2.0 nws, where a flaw in upload.php allows remote attackers to upload arbitrary image files without authentication. The root cause is an unauthenticated file upload path via a direct request to upload.php, enabling an attacker to place image files on the serv...
CVE-2006-1703
CVE-2006-1703 describes a PHP remote file inclusion in lire.php of Sire 2.0 nws, allowing remote attackers to execute arbitrary PHP code via a URL in the rub parameter. Affected software: Sire 2.0 nws (lire.php). Root cause: improper handling of the rub parameter enabling remote file inclusion. I...