CVE-2006-5432 in phpPowerCards信息

摘要

由 MITRE

Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Do you know our Splunk app?

Download it now for free!