CVE-2006-4921 Information

Description

PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.

Reference

http://marc.info/?l=bugtraq&m=115869368313367&w=2 http://secunia.com/advisories/21975 http://securitytracker.com/id?1016887 http://www.osvdb.org/28941 http://www.vupen.com/english/advisories/2006/3664