PHP Remote File Inclusion Vulnerabilities in ISPConfig by ISPConfig
CVE-2006-3042

Currently unrated

Key Information:

Vendor: Ispconfig
Status: Ispconfig
Vendor: CVE Published:; 15 June 2006

What is CVE-2006-3042?

Multiple vulnerabilities in ISPConfig 2.2.3 allow remote attackers to include arbitrary PHP files through manipulation of specific parameters in configuration scripts. Specifically, vulnerabilities in 'server.inc.php', 'app.inc.php', 'login.php', and 'trylogin.php' can facilitate remote code execution. The vendor contests these claims, arguing that the exposed scenarios do not reflect a standard installation. However, the implications of such vulnerabilities underscore the potential risks associated with improper handling of URL inputs in web applications.

References

http://www.osvdb.org/27474

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/archive/1/437415/100/100/thr...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/18441

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2006
Vulnerability Reserved
Jun 15, 2006

Ispconfig

What is CVE-2006-3042?

References

Timeline