CVE-2006-2577 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms (2) where_lms (3) where_upgrade (4) BBC_LIB_PATH and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.

Reference

http://secunia.com/advisories/20260 http://www.osvdb.org/25757 https://exchange.xforce.ibmcloud.com/vulnerabilities/26633