CVE-2006-6661 Information

Description

Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function as demonstrated by the (1) f (2) newmessage (3) newusername (4) adminuser and (5) permission parameters.

Reference

http://secunia.com/advisories/23407 http://www.vupen.com/english/advisories/2006/5088 https://www.exploit-db.com/exploits/2953