PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/21761 | Exploit |
http://secunia.com/advisories/23524 | Exploit Vendor Advisory |
http://www.vupen.com/english/advisories/2006/5161 | |
https://www.exploit-db.com/exploits/2984 |
Configurations
Information
Published : 2006-12-28 13:28
Updated : 2017-10-18 18:29
NVD link : CVE-2006-6801
Mitre link : CVE-2006-6801
JSON object : View
CWE
Products Affected
sh-news
- sh-news