CVE-2006-1955 Information

Description

PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-04/0384.html http://secunia.com/advisories/19728 http://www.g-0.org/code/rz2-adv.html http://www.osvdb.org/24753 http://www.securityfocus.com/bid/17589 http://www.vupen.com/english/advisories/2006/1425 https://exchange.xforce.ibmcloud.com/vulnerabilities/25912 https://www.exploit-db.com/exploits/1699