CVE-2006-5310

PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.

Score6.8
Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-17 12:07:00.000-04
Last Modified2018-10-17 05:42:06.000-04

Vulnerable Software List

VendorProductVersions
Phpmyconferences Phpmyconferences 8.0.2
J-pierre Dezelus Les Visiteurs 2.0.1

References

SourceLink
SREASON1733
BUGTRAQ20061013 phpMyConferences <= 8.0.2 Remote File Inclusion
BID20505
VUPENADV-2006-4045
XFphpmyconferences-menus-file-include(29514)
EXPLOIT-DB2535