CVE-2006-4189 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php (2) aemodule.php (3) browse.php (4) cc.php (5) click.php (6) faq.php (7) gallery.php (8) im.php (9) inbox.php (10) join_form.php (11) logout.php (12) messages_inbox.php and many other scripts.

Reference

http://secunia.com/advisories/21535 http://securitytracker.com/id?1016692 http://www.osvdb.org/28473 http://www.osvdb.org/28474 http://www.osvdb.org/28478 http://www.osvdb.org/28479 http://www.osvdb.org/28485 http://www.osvdb.org/28492 http://www.osvdb.org/28493 http://www.osvdb.org/28496 http://www.osvdb.org/28498 http://www.osvdb.org/28499 http://www.osvdb.org/28500 http://www.osvdb.org/28501 http://www.osvdb.org/28502 http://www.osvdb.org/28503 http://www.osvdb.org/28504 http://www.osvdb.org/28505 http://www.osvdb.org/28506 http://www.osvdb.org/28507 http://www.osvdb.org/28508 http://www.osvdb.org/28509 http://www.osvdb.org/28510 http://www.osvdb.org/28511 http://www.osvdb.org/28512 http://www.osvdb.org/28513 http://www.osvdb.org/28514 http://www.osvdb.org/28515 http://www.osvdb.org/28516 http://www.osvdb.org/28517 http://www.osvdb.org/28519 http://www.osvdb.org/28520 http://www.osvdb.org/28521 http://www.osvdb.org/28522 http://www.osvdb.org/28523 http://www.osvdb.org/28524 http://www.osvdb.org/28525 http://www.osvdb.org/28526 http://www.osvdb.org/28527 http://www.osvdb.org/28528 http://www.osvdb.org/28529 http://www.osvdb.org/28530 http://www.securityfocus.com/bid/21182 http://www.vupen.com/english/advisories/2006/3346 https://exchange.xforce.ibmcloud.com/vulnerabilities/28363