CVE-2006-5240

PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.

Score5.1
Access VectorNETWORK
Access ComplexityHIGH
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-11 08:07:00.000-04
Last Modified2018-10-17 05:41:50.000-04

Vulnerable Software List

VendorProductVersions
Docmint Docmint Cms 2.0

References

SourceLink
MISChttp://advisories.echo.or.id/adv/adv51-K-159-2006.txt
SREASON1709
SECTRACK1017026
CONFIRMhttp://www.docmint.net/index.php?id=54
BUGTRAQ20061009 [ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability
BID20409
VUPENADV-2006-3968
XFdocmint-engine-file-include(29390)
EXPLOIT-DB2493