CVE-2006-6710 Information

Description

Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php and the CFG[localelangdir] parameter to (c) form_header.php.

Reference

http://secunia.com/advisories/23480 http://www.securityfocus.com/bid/21696 http://www.vupen.com/english/advisories/2006/5116 https://www.exploit-db.com/exploits/2971