CVE-2006-5280

PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.

Referenced by CVEs: CVE-2006-5739, CVE-2006-7146
Score6.8
Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-13 03:07:00.000-04
Last Modified2017-10-18 09:29:32.000-04

Vulnerable Software List

VendorProductVersions
Cuttlefish Multimedia Ltd. Leicestershire Communityportals 1.build 20051018

References

SourceLink
BID20479
VUPENADV-2006-4010
XFcommunity-portals-importarchive-file-include(29487)
EXPLOIT-DB2516