CVE-2006-4160 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php (2) BaseLoader.php and (3) BaseView.php.

Reference

http://secunia.com/advisories/21455 http://www.osvdb.org/27894 http://www.osvdb.org/27895 http://www.osvdb.org/27896 http://www.securityfocus.com/bid/19481 http://www.vupen.com/english/advisories/2006/3268 https://exchange.xforce.ibmcloud.com/vulnerabilities/28339 https://www.exploit-db.com/exploits/2173