Vulnerability Description
PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sabdrimer Cms | Sabdrimer Cms | <= 2.2.4 |
References
- http://www.securityfocus.com/bid/18907 (Exploit)
- http://www.vupen.com/english/advisories/2006/2717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27627
- https://www.exploit-db.com/exploits/1996
FAQ
What is CVE-2006-3520?
CVE-2006-3520 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the...
How severe is CVE-2006-3520?
CVE-2006-3520 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3520?
Check the references section above for vendor advisories and patch information. Affected products include: Sabdrimer Cms Sabdrimer Cms.