CVE - CVE-2006-5495

CVE-ID
CVE-2006-5495	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:20662 URL:http://www.securityfocus.com/bid/20662 BID:20678 URL:http://www.securityfocus.com/bid/20678 BUGTRAQ:20061021 trawler <= 1.8.1 Remote File Inclusion URL:http://www.securityfocus.com/archive/1/449459/100/0/threaded EXPLOIT-DB:2611 URL:https://www.exploit-db.com/exploits/2611 MISC:http://cmsblog.msdazu.de/?p=209 OSVDB:29960 URL:~~http://www.osvdb.org/29960~~ (Obsolete source) OSVDB:29961 URL:~~http://www.osvdb.org/29961~~ (Obsolete source) OSVDB:29962 URL:~~http://www.osvdb.org/29962~~ (Obsolete source) OSVDB:29963 URL:~~http://www.osvdb.org/29963~~ (Obsolete source) OSVDB:29964 URL:~~http://www.osvdb.org/29964~~ (Obsolete source) OSVDB:29965 URL:~~http://www.osvdb.org/29965~~ (Obsolete source) OSVDB:29966 URL:~~http://www.osvdb.org/29966~~ (Obsolete source) OSVDB:29967 URL:~~http://www.osvdb.org/29967~~ (Obsolete source) OSVDB:29968 URL:~~http://www.osvdb.org/29968~~ (Obsolete source) OSVDB:29969 URL:~~http://www.osvdb.org/29969~~ (Obsolete source) SECTRACK:1017111 URL:http://securitytracker.com/id?1017111 SECUNIA:22525 URL:http://secunia.com/advisories/22525 VUPEN:ADV-2006-4152 URL:~~http://www.vupen.com/english/advisories/2006/4152~~ (Obsolete source) XF:trawler-pathred-file-include(29715) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29715
Assigning CNA
MITRE Corporation
Date Record Created
20061024	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061024)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)