CVE-2006-4969 Information

Description

Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php (2) orders.php (3) events.php (4) index.php (5) articles.php (6) faqs.php (7) guestbook.php (8) catalog.php (9) wholesale.php (10) weblinks.php (11) certificates.php (12) sitesearch.php (13) contact.php (14) sitemap.php (15) search.php (16) registry.php or (17) error.php.

Reference

http://secunia.com/advisories/22131 http://www.osvdb.org/29198 http://www.osvdb.org/29199 http://www.osvdb.org/29200 http://www.osvdb.org/29201 http://www.osvdb.org/29202 http://www.osvdb.org/29203 http://www.osvdb.org/29204 http://www.osvdb.org/29205 http://www.osvdb.org/29206 http://www.osvdb.org/29207 http://www.osvdb.org/29208 http://www.osvdb.org/29209 http://www.osvdb.org/29210 http://www.osvdb.org/29211 http://www.osvdb.org/29212 http://www.osvdb.org/29213 http://www.osvdb.org/29214 http://www.securityfocus.com/bid/20099 http://www.vupen.com/english/advisories/2006/3798 https://exchange.xforce.ibmcloud.com/vulnerabilities/29023 https://www.exploit-db.com/exploits/2393