BandSite CMS 1.1.1 - 'ROOT_PATH' Remote File Inclusion

admin

0
文章

0
评论

2023-12-14 14:56:34 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

BandSite CMS 1.1.1 - 'ROOT_PATH' Remote File Inclusion

CVE编号

CVE-2006-3193

利用情况

暂无

补丁情况

N/A

披露时间

2006-06-23

漏洞描述

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://secunia.com/advisories/20768
http://sourceforge.net/project/shownotes.php?release_id=428062
http://www.osvdb.org/27233
http://www.osvdb.org/27234
http://www.osvdb.org/27235
http://www.osvdb.org/27236
http://www.osvdb.org/27237
http://www.osvdb.org/27238
http://www.osvdb.org/27239
http://www.osvdb.org/27240
http://www.osvdb.org/27241
http://www.osvdb.org/27242
http://www.osvdb.org/27243
http://www.osvdb.org/27244
http://www.osvdb.org/27245
http://www.osvdb.org/27246
http://www.osvdb.org/27247
http://www.osvdb.org/27248
http://www.osvdb.org/27249
http://www.osvdb.org/27250
http://www.osvdb.org/27251
http://www.osvdb.org/27252
http://www.securityfocus.com/bid/18555
http://www.vupen.com/english/advisories/2006/2462
https://www.exploit-db.com/exploits/1933