RSS   Vulnerabilities for 'Centipaid'   RSS

2007-02-08
 
CVE-2006-6976

 

 
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.

 
 
CVE-2006-6975

CWE-94
 

 
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.

 


Copyright 2024, cxsecurity.com

 

Back to Top