CVE-2006-4848 Information

Description

DISPUTED: Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php. NOTE: this issue has been disputed by a third-party researcher, who states that REP_CLASS is initialized in an included file before being used.

Reference

http://securityreason.com/securityalert/1590
http://www.securityfocus.com/archive/1/446219/100/0/threaded
http://www.securityfocus.com/archive/1/446567/100/200/threaded
http://www.securityfocus.com/bid/20060
