Vulnerabilities > CVE-2006-2424 - Remote File Include vulnerability in Ezusermanager 1.5/1.6
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. The vulnerability has been confirmed in version 1.6 and the vendor states that only version 1.6 is affected. Successful exploitation requires that "register_globals" is enabled. A patched version (1.7b) was released 17th May 2006 that fixes this vulnerbility.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | ezUserManager <= 1.6 Remote File Inclusion Vulnerability. CVE-2006-2424. Webapps exploit for php platform |
| file | exploits/php/webapps/1795.txt |
| id | EDB-ID:1795 |
| last seen | 2016-01-31 |
| modified | 2006-05-15 |
| platform | php |
| port | |
| published | 2006-05-15 |
| reporter | OLiBekaS |
| source | https://www.exploit-db.com/download/1795/ |
| title | ezusermanager <= 1.6 - Remote File Inclusion Vulnerability |
| type | webapps |