CVE-2006-3193 Information
Description
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/, including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php; and (20) adminpanel/includes/mailinglist/dispxls.php.
Reference
http://secunia.com/advisories/20768
http://sourceforge.net/project/shownotes.php?release_id=428062
http://www.osvdb.org/27233
http://www.osvdb.org/27234
http://www.osvdb.org/27235
http://www.osvdb.org/27236
http://www.osvdb.org/27237
http://www.osvdb.org/27238
http://www.osvdb.org/27239
http://www.osvdb.org/27240
http://www.osvdb.org/27241
http://www.osvdb.org/27242
http://www.osvdb.org/27243
http://www.osvdb.org/27244
http://www.osvdb.org/27245
http://www.osvdb.org/27246
http://www.osvdb.org/27247
http://www.osvdb.org/27248
http://www.osvdb.org/27249
http://www.osvdb.org/27250
http://www.osvdb.org/27251
http://www.osvdb.org/27252
http://www.securityfocus.com/bid/18555
http://www.vupen.com/english/advisories/2006/2462
https://www.exploit-db.com/exploits/1933