CVE-2006-3193
N/A
Summary
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.osvdb.org/27251
- http://www.osvdb.org/27242
- http://sourceforge.net/project/shownotes.php?release_id=428062
- http://www.osvdb.org/27245
- http://www.osvdb.org/27238
- http://www.osvdb.org/27250
- http://www.osvdb.org/27252
- http://www.osvdb.org/27240
- http://www.osvdb.org/27241
- http://www.osvdb.org/27244
- http://www.osvdb.org/27246
- http://www.osvdb.org/27235
- http://www.securityfocus.com/bid/18555
- http://www.osvdb.org/27233
- http://www.osvdb.org/27234
- http://www.osvdb.org/27236
- https://www.exploit-db.com/exploits/1933
- http://www.osvdb.org/27239
- http://www.osvdb.org/27248
- http://www.osvdb.org/27249
- http://www.osvdb.org/27237
- http://secunia.com/advisories/20768
- http://www.vupen.com/english/advisories/2006/2462
- http://www.osvdb.org/27247
- http://www.osvdb.org/27243
References
- http://www.osvdb.org/27251
- http://www.osvdb.org/27242
- http://sourceforge.net/project/shownotes.php?release_id=428062
- http://www.osvdb.org/27245
- http://www.osvdb.org/27238
- http://www.osvdb.org/27250
- http://www.osvdb.org/27252
- http://www.osvdb.org/27240
- http://www.osvdb.org/27241
- http://www.osvdb.org/27244
- http://www.osvdb.org/27246
- http://www.osvdb.org/27235
- http://www.securityfocus.com/bid/18555
- http://www.osvdb.org/27233
- http://www.osvdb.org/27234
- http://www.osvdb.org/27236
- https://www.exploit-db.com/exploits/1933
- http://www.osvdb.org/27239
- http://www.osvdb.org/27248
- http://www.osvdb.org/27249
- http://www.osvdb.org/27237
- http://secunia.com/advisories/20768
- http://www.vupen.com/english/advisories/2006/2462
- http://www.osvdb.org/27247
- http://www.osvdb.org/27243
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.