CVE-2006-0957
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
CVE
CVE-2006-0957
Status
Candidate
Description
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.
Severity
High
CVSS score
7
CVSS vector
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Phase
Assigned (02.03.2006)
NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0957
References
BID :
16871
BUGTRAQ :
20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities
CONFIRM :
http://soft.zoneo.net/freeForum/changes.php
FRSIRT :
ADV-2006-0759
MISC :
http://evuln.com/vulns/89/summary.html
SECUNIA :
19020
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
