Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dreamcost | Hostadmin | 3.0 |
References
- http://secunia.com/advisories/18901Vendor Advisory
- http://securityreason.com/securityalert/2289
- http://www.majorsecurity.de/advisory/major_rls9.txtVendor Advisory
- http://www.securityfocus.com/archive/1/435993/30/4650/threaded
- http://www.securityfocus.com/bid/18284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24723
- http://secunia.com/advisories/18901Vendor Advisory
- http://securityreason.com/securityalert/2289
- http://www.majorsecurity.de/advisory/major_rls9.txtVendor Advisory
- http://www.securityfocus.com/archive/1/435993/30/4650/threaded
- http://www.securityfocus.com/bid/18284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24723
FAQ
What is CVE-2006-7056?
CVE-2006-7056 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and ...
How severe is CVE-2006-7056?
CVE-2006-7056 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7056?
Check the references section above for vendor advisories and patch information. Affected products include: Dreamcost Hostadmin.