Vulnerabilities > CVE-2006-4530 - Unspecified vulnerability in Membrepass 1.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://secunia.com/advisories/21715
- http://secunia.com/advisories/21715
- http://securityreason.com/securityalert/1487
- http://securityreason.com/securityalert/1487
- http://www.securityfocus.com/archive/1/444845/100/0/threaded
- http://www.securityfocus.com/archive/1/444845/100/0/threaded
- http://www.securityfocus.com/bid/19790
- http://www.securityfocus.com/bid/19790
- http://www.vupen.com/english/advisories/2006/3427
- http://www.vupen.com/english/advisories/2006/3427
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28692
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28692