CVE

Id
18680  
CVE No.
CVE-2006-2576  
Status
Candidate  
Description
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability.  
Phase
Assigned (20060524)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
163441 18680 CVE-2006-2576 BUGTRAQ:20060609 Docebo Kms 3.0.3, Remote command execution  View
163442 18680 CVE-2006-2576 URL:http://archives.neohapsis.com/archives/bugtraq/2006-06/0113.html  View
163443 18680 CVE-2006-2576 MILW0RM:1817  View
163444 18680 CVE-2006-2576 URL:http://milw0rm.com/exploits/1817  View
163445 18680 CVE-2006-2576 VUPEN:ADV-2006-1935  View
163446 18680 CVE-2006-2576 URL:http://www.vupen.com/english/advisories/2006/1935  View
163447 18680 CVE-2006-2576 OSVDB:25757  View
163448 18680 CVE-2006-2576 URL:http://www.osvdb.org/25757  View
163449 18680 CVE-2006-2576 OSVDB:26711  View
163450 18680 CVE-2006-2576 URL:http://www.osvdb.org/26711  View
163451 18680 CVE-2006-2576 SECUNIA:20260  View
163452 18680 CVE-2006-2576 URL:http://secunia.com/advisories/20260  View
163453 18680 CVE-2006-2576 XF:docebo-multiple-file-include(26633)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
61527 JVNDB-2006-003793 eSyndicat Directory の admin/cron.php における任意のファイルをインクルードされる脆弱性 eSyndicat Directory の admin/cron.phpには、任意のファイルをインクルードされる、および任意の PHP コードを実行される脆弱性が存在します。 CVE-2006-2578 18680 5.1 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-003793.html  View