CVE-2006-6958 Information

Description

Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php (2) rss_admin.php (3) manual_admin.php and (4) forum_admin.php in includes/root_modules/ a different set of vectors than CVE-2006-3076.

Reference

http://packetstormsecurity.org/0606-exploits/phpbluedragon-2.txt http://securityreason.com/securityalert/2193 http://www.osvdb.org/27676 http://www.osvdb.org/27677 http://www.osvdb.org/27678 http://www.osvdb.org/27679 http://www.securityfocus.com/archive/1/438238/100/100/threaded http://www.securityfocus.com/bid/18609 https://exchange.xforce.ibmcloud.com/vulnerabilities/27152