CVE-2006-5234

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.

Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-10 09:07:00.000-04
Last Modified: 2018-10-17 05:41:49.000-04

Vulnerable Software List

Vendor: Phpwebsite
Product: Phpwebsite
Versions: 0.10.2

References

Source: Link
SREASON: 1716
VIM: 20061010 phpWebSite 0.10.2 RFI - CVE dispute
BUGTRAQ: 20061009 phpWebSite 0.10.2 Remote File Include Vulnerabilities
BUGTRAQ: 20061011 Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities
BID: 20412