CVE-2006-5255

** DISPUTED ** PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined before use. CVE analysis as of 20061012 concurs with the dispute.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-12 06:07:00.000-04
Last Modified2018-10-17 05:41:55.000-04

Vulnerable Software List

VendorProductVersions
Greg Neustaetter Gcards 1.13

References

SourceLink
BUGTRAQ20061011 Re: gcards (languagefile) <= Remote File Include
BUGTRAQ20061010 gcards (languagefile) <= Remote File Include
BID20461