CVE-2006-5734
N/A
N/A
Summary
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
- http://securityreason.com/securityalert/1823
- http://www.securityfocus.com/bid/20634
- http://www.securityfocus.com/archive/1/449233/100/200/threaded
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
- http://securityreason.com/securityalert/1823
- http://www.securityfocus.com/bid/20634
- http://www.securityfocus.com/archive/1/449233/100/200/threaded
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.