Vulnerability Description
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpoutsourcing | Noahs Classifieds | 1.2 |
References
- http://securitytracker.com/id?1015667
- http://www.kapda.ir/advisory-268.htmlExploitVendor Advisory
- http://www.securityfocus.com/archive/1/425783/100/0/threaded
- http://www.securityfocus.com/bid/16780Exploit
- http://www.vupen.com/english/advisories/2006/0703
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24899
- http://securitytracker.com/id?1015667
- http://www.kapda.ir/advisory-268.htmlExploitVendor Advisory
- http://www.securityfocus.com/archive/1/425783/100/0/threaded
- http://www.securityfocus.com/bid/16780Exploit
- http://www.vupen.com/english/advisories/2006/0703
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24899
FAQ
What is CVE-2006-0881?
CVE-2006-0881 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) up...
How severe is CVE-2006-0881?
CVE-2006-0881 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0881?
Check the references section above for vendor advisories and patch information. Affected products include: Phpoutsourcing Noahs Classifieds.