CVE-2006-5432 - Remote Code Execution vulnerability in Marc Giombetti PHPpowercards 2.10
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability. CVE-2006-5432. Webapps exploit for php platform |
file | exploits/php/webapps/2590.txt |
id | EDB-ID:2590 |
last seen | 2016-01-31 |
modified | 2006-10-18 |
platform | php |
port | |
published | 2006-10-18 |
reporter | nuffsaid |
source | https://www.exploit-db.com/download/2590/ |
title | phpPowerCards 2.10 txt.inc.php Remote Code Execution Vulnerability |
type | webapps |