CVE-2006-2922 - Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to e

CVE-2006-2922

Summary

Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php.

References

Vulnerable Configurations

cpe:2.3:a:miraks:miraksgalerie:2.62:*:*:*:*:*:*:*
cpe:2.3:a:miraks:miraksgalerie:2.62:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 18-10-2018 - 16:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	18313
bugtraq	20060607 MiraksGalerie <= 2.62 Multiple Remote command execution
osvdb	26194 26195 26196
sectrack	1016249
secunia	20475
vupen	ADV-2006-2187
xf	miraksgalerie-multiple-file-include(27010)

Last major update

18-10-2018 - 16:43

Published

09-06-2006 - 10:02

Last modified

18-10-2018 - 16:43