Vulnerabilities > CVE-2006-2424 - Unspecified vulnerability in Ezusermanager 1.5/1.6

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ezusermanager

exploit available

NVD

Published: 2006-05-17

Updated: 2024-11-21

Summary

PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.

Vulnerable Configurations

Part	Description	Count
Application	Ezusermanager Ezusermanager Ezusermanager 1.5 Ezusermanager Ezusermanager 1.6	2

Exploit-Db

description	ezUserManager <= 1.6 Remote File Inclusion Vulnerability. CVE-2006-2424. Webapps exploit for php platform
file	exploits/php/webapps/1795.txt
id	EDB-ID:1795
last seen	2016-01-31
modified	2006-05-15
platform	php
port
published	2006-05-15
reporter	OLiBekaS
source	https://www.exploit-db.com/download/1795/
title	ezusermanager <= 1.6 - Remote File Inclusion Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References