CVE-2006-3771 Information

Description

Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.

Reference

http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt
http://securityreason.com/securityalert/1265
http://securitytracker.com/id?1016551
http://www.osvdb.org/28647
http://www.osvdb.org/28648
http://www.osvdb.org/28649
http://www.osvdb.org/28650
http://www.osvdb.org/28651
http://www.osvdb.org/28652
http://www.osvdb.org/28653
http://www.osvdb.org/28654
http://www.osvdb.org/28655
http://www.osvdb.org/28656
http://www.osvdb.org/28657
http://www.osvdb.org/28658
http://www.osvdb.org/28659
http://www.osvdb.org/28660
http://www.osvdb.org/28661
http://www.osvdb.org/28662
http://www.osvdb.org/28663
http://www.osvdb.org/28664
http://www.osvdb.org/28665
http://www.osvdb.org/28666
http://www.osvdb.org/28667
http://www.osvdb.org/28668
http://www.osvdb.org/28669
http://www.osvdb.org/28670
http://www.osvdb.org/28671
http://www.securityfocus.com/archive/1/440642/100/0/threaded
http://www.securityfocus.com/bid/19090
https://exchange.xforce.ibmcloud.com/vulnerabilities/27875
https://www.exploit-db.com/exploits/2046
