Vulnerability Description
PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| J-Pierre Dezelus | Les Visiteurs | 2.0.1 |
| Phpmyconferences | Phpmyconferences | 8.0.2 |
References
- http://securityreason.com/securityalert/1810
- http://www.attrition.org/pipermail/vim/2006-November/001105.htmlExploit
- http://www.securityfocus.com/archive/1/450140/100/0/threaded
- http://www.securityfocus.com/archive/1/450467/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29919
- http://securityreason.com/securityalert/1810
- http://www.attrition.org/pipermail/vim/2006-November/001105.htmlExploit
- http://www.securityfocus.com/archive/1/450140/100/0/threaded
- http://www.securityfocus.com/archive/1/450467/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29919
FAQ
What is CVE-2006-5678?
CVE-2006-5678 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other prod...
How severe is CVE-2006-5678?
CVE-2006-5678 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2006-5678?
Check the references section above for vendor advisories and patch information. Affected products include: J-Pierre Dezelus Les Visiteurs, Phpmyconferences Phpmyconferences.