CVE-2006-5250 Information

Description

PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.

Reference

http://securityreason.com/securityalert/1713
http://www.blueshoes.org/en/news/
http://www.securityfocus.com/archive/1/448182/100/0/threaded
http://www.securityfocus.com/bid/20450
https://exchange.xforce.ibmcloud.com/vulnerabilities/29429

The following conditions must be met in order for this vulnerability to be exploited:
1) BlueShoes is installed in the webroot (really not recommended, see installation manual)
2) register_globals is on (really really not recommended, off by default since PHP 4.2.0, read http://www.php.net/register_globals)
3) allow_url_fopen is on (on by default, often set to off by hosting providers)
