Remote Code Execution Vulnerability in eyeOS by eyeOS Team
CVE-2006-0636

Currently unrated

Key Information:

CVE Published: 10 February 2006

What is CVE-2006-0636?

In eyeOS versions 0.8.9 and earlier, the desktop.php file fails to check for the presence of the _SESSION variable before calling the session_start function. This oversight allows remote attackers to manipulate session data and execute arbitrary PHP code, potentially leading to unauthorized actions or further attacks through the modification of critical system variables. The vulnerability illustrates the importance of secure session management in web applications.
