CVE-2006-3193
Description
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:grayscale:bandsite_cms:1.1.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:grayscale:bandsite_cms:1.1.1:*:*:*:*:*:*:*
- (no CPE)range: =1.1.1
Patches
Vulnerability mechanics
References
25- www.osvdb.org/27240nvdExploit
- www.osvdb.org/27241nvdExploit
- www.osvdb.org/27242nvdExploit
- www.osvdb.org/27243nvdExploit
- www.osvdb.org/27244nvdExploit
- www.osvdb.org/27245nvdExploit
- www.osvdb.org/27247nvdExploit
- www.osvdb.org/27248nvdExploit
- www.osvdb.org/27249nvdExploit
- www.osvdb.org/27250nvdExploit
- www.osvdb.org/27251nvdExploit
- www.osvdb.org/27252nvdExploit
- secunia.com/advisories/20768nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2462nvdVendor Advisory
- sourceforge.net/project/shownotes.phpnvd
- www.osvdb.org/27233nvd
- www.osvdb.org/27234nvd
- www.osvdb.org/27235nvd
- www.osvdb.org/27236nvd
- www.osvdb.org/27237nvd
- www.osvdb.org/27238nvd
- www.osvdb.org/27239nvd
- www.osvdb.org/27246nvd
- www.securityfocus.com/bid/18555nvd
- www.exploit-db.com/exploits/1933nvd
News mentions
0No linked articles in our index yet.