CVE Vulnerabilities

CVE-2006-7024

Published: Feb 15, 2007 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.

Affected Software

Name Vendor Start Version End Version
Harpia_cms Harpia * 1.0.5 (including)

References