CVE-2006-1371 Information

Description

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php (2) standalonemanager.php and (3) images.php.

Reference

http://secunia.com/advisories/19353 http://www.attrition.org/pipermail/vim/2006-March/000649.html http://www.osvdb.org/24058 http://www.osvdb.org/24059 http://www.securityfocus.com/bid/17209 http://www.vupen.com/english/advisories/2006/1052 http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10 https://exchange.xforce.ibmcloud.com/vulnerabilities/25399 https://www.exploit-db.com/exploits/1605