RSS   Vulnerabilities for 'Interact'   RSS

2006-08-29
 
CVE-2006-4448

CWE-Other
 

 
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top