Vulnerabilities > CVE-2006-5894 - Local File Include vulnerability in Rama CMS Lang Parameter
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Rama CMS <= 0.68 (Cookie: lang) Local File Include Exploit. CVE-2006-5894. Webapps exploit for php platform |
| file | exploits/php/webapps/2760.php |
| id | EDB-ID:2760 |
| last seen | 2016-01-31 |
| modified | 2006-11-12 |
| platform | php |
| port | |
| published | 2006-11-12 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2760/ |
| title | Rama CMS <= 0.68 Cookie: lang Local File Include Exploit |
| type | webapps |