CVE-2006-1767 Information

Description

Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.

Reference

http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
http://securitytracker.com/id?1015891
http://securitytracker.com/id?1016331
http://www.osvdb.org/24596
http://www.osvdb.org/24597
http://www.osvdb.org/28406
http://www.osvdb.org/28409
http://www.osvdb.org/28410
http://www.osvdb.org/28412
http://www.osvdb.org/28413
http://www.osvdb.org/28415
http://www.osvdb.org/28416
http://www.osvdb.org/28417
http://www.osvdb.org/28419
http://www.osvdb.org/28422
http://www.osvdb.org/28425
http://www.osvdb.org/28426
http://www.osvdb.org/28427
http://www.securityfocus.com/archive/1/430599/100/0/threaded
http://www.securityfocus.com/bid/17470
