Vulnerabilities > CVE-2006-2033 - Input Validation vulnerability in Corenews 2.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.html
- http://securityreason.com/securityalert/797
- http://www.nukedx.com/?getxpl=24
- http://www.securityfocus.com/archive/1/431761/100/0/threaded
- http://www.securityfocus.com/bid/17655
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25979