CVE-2006-2158 Information

Feb 14, 2021 cve

Description

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier when register_globals is enabled allows remote attackers to modify arbitrary program variables via parameters which are evaluated as PHP variable variables as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

Reference

http://retrogod.altervista.org/gbs_17_xpl_pl.html http://secunia.com/advisories/19957 http://www.securityfocus.com/bid/17845 http://www.stadtaus.com/forum/t-2600.html http://www.vupen.com/english/advisories/2006/1660 https://exchange.xforce.ibmcloud.com/vulnerabilities/26252

Share on: