CVE-2006-5734 Information
Description
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Reference
http://securityreason.com/securityalert/1823 http://www.securityfocus.com/archive/1/449233/100/200/threaded http://www.securityfocus.com/bid/20634 https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
Share on: