CVE-2006-5261

Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-12 06:07:00.000-04
Last Modified2018-10-17 05:41:56.000-04

Vulnerable Software List

VendorProductVersions
Phpmynews Phpmynews 1.4

References

SourceLink
SREASON1720
BUGTRAQ20061008 PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability
BID20396
XFphpmynews-multiple-file-include(29401)
EXPLOIT-DB2488