Vulnerabilities > CVE-2006-3361 - Remote File Include vulnerability in RETIRED: Stud.IP

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
stud-ip
exploit available

Summary

PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php.

Vulnerable Configurations

Part Description Count
Application
Stud.Ip
1

Exploit-Db

descriptionStud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities. CVE-2006-3361. Webapps exploit for php platform
idEDB-ID:1969
last seen2016-01-31
modified2006-07-01
published2006-07-01
reporterHamid Ebadi
sourcehttps://www.exploit-db.com/download/1969/
titleStud.IP <= 1.3.0-2 - Multiple Remote File Include Vulnerabilities