CVE-2006-5931 — MEDIUM (5.1)

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS Score

5.1

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Aigaion	Aigaion	1.2.1

References

http://secunia.com/advisories/22862Vendor Advisory
http://secunia.com/advisories/22862Vendor Advisory

FAQ

What is CVE-2006-5931?

CVE-2006-5931 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via...

How severe is CVE-2006-5931?

CVE-2006-5931 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-5931?

Check the references section above for vendor advisories and patch information. Affected products include: Aigaion Aigaion.