CVE-2006-4311 Information

Description

PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory as demonstrated by plugins/1_Adressbuch/delete.php.

Reference

http://secunia.com/advisories/21553 http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm http://www.securityfocus.com/archive/1/443701/100/0/threaded http://www.securityfocus.com/bid/19597 http://www.vupen.com/english/advisories/2006/3334 https://exchange.xforce.ibmcloud.com/vulnerabilities/28464