Release DateFeb 12, 2007 |
Severitymedium |
ImpactExecute arbitrary PHP code. |
DescriptionA PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. |
Affected ProductsWeb-Provence SL_site 1.0 |
Recommended ActionsCurrently we are not aware of any vendor-supplied patches for this issue.http://www.web-provence.org/page.php?id_page=8. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-4656 |
Reference/shttp://www.milw0rm.com/exploits/2317http://xforce.iss.net/xforce/xfdb/28783 http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20 http://www.securityfocus.com/archive/1/archive/1/445520/100/0/threaded http://www.securityfocus.com/bid/19892 (BugTraq) |
