CVE-2006-5432 in phpPowerCards情報

要約

〜によって MITRE

Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

予約する

2006年10月20日

モデレーション

承諾済み

エントリ

VDB-32884

エクスプロイト

ダウンロード

EPSS

0.02562

アクティビティ

非常低い

ソース

Interested in the pricing of exploits?

See the underground prices here!