CVE-2006-6213 Information

Description

index.php in PEGames uses the extract function to overwrite critical variables which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter which is later extracted to overwrite a previously uncontrolled value.

Reference

http://www.attrition.org/pipermail/vim/2006-November/001153.html http://www.securityfocus.com/bid/21266 https://exchange.xforce.ibmcloud.com/vulnerabilities/30517 https://www.exploit-db.com/exploits/2840 index.php in PEGames uses the extract function to overwrite critical variables which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter which is later extracted to overwrite a previously uncontrolled value.