CVE-2006-5777 Information
Description
Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information.
Reference
http://secunia.com/advisories/22729
https://exchange.xforce.ibmcloud.com/vulnerabilities/30011
https://www.exploit-db.com/exploits/2709