CVE-2006-5131 Information

Description

module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by ?php\ and ?\ possibly due to a static code injection vulnerability involving admin/data_inc.php.

Reference

http://secunia.com/advisories/22143 http://securityreason.com/securityalert/1674 http://www.securityfocus.com/archive/1/447081/100/0/threaded