PHP Remote File Inclusion Vulnerability in ISPConfig by ISPConfig
CVE-2006-2315

Currently unrated

Key Information:

Vendor

Ispconfig

Status
Ispconfig
Vendor
CVE Published:
12 May 2006

What is CVE-2006-2315?

This vulnerability is a PHP remote file inclusion issue found in session.inc.php of ISPConfig versions 2.2.2 and earlier. It permits remote attackers to execute arbitrary PHP code by injecting a malicious URL into the go_info[server][classes_root] parameter. Although the vendor claims that session.inc.php is not within the web root and that register_globals is disabled in version 2.2, the potential for exploitation remains, allowing unauthorized access and control of affected systems. Administrators are encouraged to review their configurations and update to secure versions.

References

http://www.securityfocus.com/bid/17909
vdb-entryx_refsource_BID
http://www.osvdb.org/25355
vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/1727
vdb-entryx_refsource_VUPEN

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2006-2315 : PHP Remote File Inclusion Vulnerability in ISPConfig by ISPConfig