Vulnerabilities > CVE-2006-5305 - Remote File Include vulnerability in Lat2Cyr Lat2Cyr.PHP
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Successful exploitation requires that "register_globals" is enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpBB lat2cyr Mod 1.0.1 (lat2cyr.php) Remote File Include Exploit. CVE-2006-5305. Webapps exploit for php platform |
| file | exploits/php/webapps/2546.pl |
| id | EDB-ID:2546 |
| last seen | 2016-01-31 |
| modified | 2006-10-13 |
| platform | php |
| port | |
| published | 2006-10-13 |
| reporter | Nima Salehi |
| source | https://www.exploit-db.com/download/2546/ |
| title | phpBB lat2cyr Mod 1.0.1 lat2cyr.php Remote File Include Exploit |
| type | webapps |
References
- http://secunia.com/advisories/22432
- http://securityreason.com/securityalert/1729
- http://www.securityfocus.com/archive/1/448660/100/0/threaded
- http://www.securityfocus.com/bid/20513
- http://www.vupen.com/english/advisories/2006/4050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29572
- https://www.exploit-db.com/exploits/2546