CVE-2006-5284

PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.

Score5.1
Access VectorNETWORK
Access ComplexityHIGH
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-13 03:07:00.000-04
Last Modified2017-10-18 09:29:32.000-04

Vulnerable Software List

VendorProductVersions
Php News Reader Php News Reader 2.6.2, 2.6.4

References

SourceLink
BID20480
VUPENADV-2006-4011
XFphpnewsreader-phpbbinc-file-include(29481)
EXPLOIT-DB2517