CVE-2006-5308

Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.

Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-17 11:07:00.000-04
Last Modified: 2018-10-17 05:42:05.000-04

Vulnerable Software List

Vendor | Product | Versions
Open Conference Systems | Open Conference Systems | 1.1.5

References

Source | Link
MISC | http://isc.sans.org/diary.php?storyid=1791
CONFIRM | http://pkp.sfu.ca/ocs_download
CONFIRM | http://pkp.sfu.ca:8043/bugzilla/attachment.cgi?id=90
CONFIRM | http://pkp.sfu.ca:8043/bugzilla/show_bug.cgi?id=2436
SECTRACK | 1017071
BUGTRAQ | 20061013 Open Conference Systems <= 1.1.3 Remote File Inclusion
BID | 20567
VUPEN | ADV-2006-4041
XF | ocs-fullpath-file-include(29517)
EXPLOIT-DB | 2536