CVE-2006-7024 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php (e) files.php (f) headlines.php (g) search.php (h) topics.php and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php (k) header.php (l) pfooter.php and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.

Reference

http://www.securityfocus.com/bid/18614 https://exchange.xforce.ibmcloud.com/vulnerabilities/27308 https://www.exploit-db.com/exploits/1943