CVE-2006-3850 Information
Description
DISPUTED: PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected.
Reference
http://securityreason.com/securityalert/1281
http://securitytracker.com/id?1016568
http://www.attrition.org/pipermail/vim/2006-July/000937.html
http://www.attrition.org/pipermail/vim/2006-July/000944.html
http://www.osvdb.org/28287
http://www.securityfocus.com/archive/1/440938/100/0/threaded
http://www.securityfocus.com/archive/1/442450/100/0/threaded
http://www.securityfocus.com/bid/19127