CVE-2006-0164 Information

Description

phgstats.inc.php in phgstats before 0.5.1 if register_globals is enabled allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.

Reference

http://secunia.com/advisories/18346 http://sourceforge.net/project/shownotes.php?release_id=384232 http://www.osvdb.org/22302 http://www.securityfocus.com/bid/17469 http://www.vupen.com/english/advisories/2006/0123 https://exchange.xforce.ibmcloud.com/vulnerabilities/24062