CVE-2006-5292

PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.

Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-16 02:07:00.000-04
Last Modified: 2017-10-18 09:29:32.000-04

Vulnerable Software List

Vendor | Product | Versions
Exhibit Engine | Exhibit Engine | 1.22, 1.5 rc4

References

Source | Link
BID | 20447
XF | exhibit-engine-photo-file-include(29424)
EXPLOIT-DB | 2509