CVE-2006-3193
Description
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
Affected products
1- cpe:2.3:a:grayscale:bandsite_cms:1.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- www.osvdb.org/27240nvdExploit
- www.osvdb.org/27241nvdExploit
- www.osvdb.org/27242nvdExploit
- www.osvdb.org/27243nvdExploit
- www.osvdb.org/27244nvdExploit
- www.osvdb.org/27245nvdExploit
- www.osvdb.org/27247nvdExploit
- www.osvdb.org/27248nvdExploit
- www.osvdb.org/27249nvdExploit
- www.osvdb.org/27250nvdExploit
- www.osvdb.org/27251nvdExploit
- www.osvdb.org/27252nvdExploit
- secunia.com/advisories/20768nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2462nvdVendor Advisory
- sourceforge.net/project/shownotes.phpnvd
- www.osvdb.org/27233nvd
- www.osvdb.org/27234nvd
- www.osvdb.org/27235nvd
- www.osvdb.org/27236nvd
- www.osvdb.org/27237nvd
- www.osvdb.org/27238nvd
- www.osvdb.org/27239nvd
- www.osvdb.org/27246nvd
- www.securityfocus.com/bid/18555nvd
- www.exploit-db.com/exploits/1933nvd
News mentions
0No linked articles in our index yet.