Lucene search
PRIOn knowledge basePRION:CVE-2007-5307HistoryOct 09, 2007 - 6:17 p.m.
Command injection
2007-10-0918:17:00
PRIOn knowledge base
www.prio-n.com
10
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter’s hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| else_if_cms | eq | 0.6.0-beta |
Related
cvelist
cvelist
nvd
nvd
cve
cve
ubuntucve
ubuntucve
nessus
nessus
PmWiki < 2.1.21 Global Variables Overwriting
2006-09-06 00:00:00
e107 ibrowser.php zend_has_del() Function Remote Code Execution
2006-09-02 00:00:00
CentOS 3 / 4 : php (CESA-2006:0568)
2006-07-13 00:00:00
suse
suse
bug fix in php4
2006-06-22 15:32:39
remote code execution in PHP4,PHP5
2006-06-14 16:37:08
prion
prion
Sql injection
2007-01-13 02:28:00
Command injection
2007-10-12 21:17:00
Sql injection
2009-09-11 16:30:00
debiancve
debiancve
CVE-2006-5116
2006-10-03 04:03:00
CVE-2007-0233
2007-01-13 02:28:00
redhat
redhat
(RHSA-2006:0567) php security update
2006-07-25 00:00:00
(RHSA-2006:0568) php security update
2006-07-12 00:00:00
centos
centos
php security update
2006-07-26 22:56:15
php security update
2006-07-12 19:14:58
openvas
openvas
Debian Security Advisory DSA 1206-1 (php4)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1206-1)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-320-1)
2022-08-26 00:00:00
debian
debian
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities
2006-11-06 18:13:12
osv
osv
php4
2006-11-06 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2006-07-19 00:00:00