CVE

Id
18419  
CVE No.
CVE-2006-2315  
Status
Candidate  
Description
** DISPUTED ** PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled.  
Phase
Assigned (20060511)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
159925 18419 CVE-2006-2315 FULLDISC:20060507 [XPA] - ISPConfig <= 2.2.2 - Remote Command Execution Vulnerability  View
159926 18419 CVE-2006-2315 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045855.html  View
159927 18419 CVE-2006-2315 MISC:http://www.xorcrew.net/xpa/XPA-ISPConfig.txt  View
159928 18419 CVE-2006-2315 BUGTRAQ:20060616 Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability  View
159929 18419 CVE-2006-2315 URL:http://www.securityfocus.com/archive/1/archive/1/437456/100/200/threaded  View
159930 18419 CVE-2006-2315 MILW0RM:1762  View
159931 18419 CVE-2006-2315 URL:http://milw0rm.com/exploits/1762  View
159932 18419 CVE-2006-2315 MISC:http://www.howtoforge.com/forums/showthread.php?t=4123  View
159933 18419 CVE-2006-2315 BID:17909  View
159934 18419 CVE-2006-2315 URL:http://www.securityfocus.com/bid/17909  View
159935 18419 CVE-2006-2315 VUPEN:ADV-2006-1727  View
159936 18419 CVE-2006-2315 URL:http://www.vupen.com/english/advisories/2006/1727  View
159937 18419 CVE-2006-2315 OSVDB:25355  View
159938 18419 CVE-2006-2315 URL:http://www.osvdb.org/25355  View
159939 18419 CVE-2006-2315 SECUNIA:19994  View
159940 18419 CVE-2006-2315 URL:http://secunia.com/advisories/19994  View
159941 18419 CVE-2006-2315 XF:ispconfig-session-inc-file-include(26299)  View

Related JVN