CVE-2006-5533 | Vulnerability Database | Aqua Security

Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.

Affected Software

Name	Vendor	Start Version	End Version
Aroundme	Aroundme	*	0.6.9 (including)

References

http://marc.info/?l=full-disclosure\u0026m=116154841209515\u0026w=2
http://securityreason.com/securityalert/1786
http://securitytracker.com/id?1017106
http://www.securityfocus.com/archive/1/449476/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29743
http://marc.info/?l=full-disclosure\u0026m=116154841209515\u0026w=2
http://securityreason.com/securityalert/1786
http://securitytracker.com/id?1017106
http://www.securityfocus.com/archive/1/449476/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29743

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5533
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html