CVE-2006-2811 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php (2) topman.php (3) approb.php (4) vacadmb.php (5) vacadma.php (6) vacadm.php (7) statart.php (8) search.php (9) posts.php (10) options.php (11) login.php (12) frchart.php (13) flbchart.php (14) fileman.php (15) faq.php (16) event.php (17) directory.php (18) articles.php (19) artedit.php (20) calday.php and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.

Reference

http://securityreason.com/securityalert/1033 http://www.osvdb.org/27209 http://www.osvdb.org/27211 http://www.osvdb.org/27212 http://www.osvdb.org/27213 http://www.osvdb.org/27214 http://www.osvdb.org/27215 http://www.osvdb.org/27216 http://www.osvdb.org/27217 http://www.osvdb.org/27218 http://www.osvdb.org/27219 http://www.osvdb.org/27220 http://www.osvdb.org/27221 http://www.osvdb.org/27222 http://www.osvdb.org/27223 http://www.osvdb.org/27224 http://www.osvdb.org/27225 http://www.osvdb.org/27226 http://www.osvdb.org/27227 http://www.osvdb.org/27228 http://www.osvdb.org/27229 http://www.securityfocus.com/archive/1/435590/100/0/threaded http://www.securityfocus.com/archive/1/456893/100/200/threaded http://www.securityfocus.com/archive/1/459572/100/0/threaded http://www.securityfocus.com/bid/18232 https://exchange.xforce.ibmcloud.com/vulnerabilities/26981