Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-3532

PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.

See the

CVE page on Mitre.org for more details.

References

MISC: http://retrogod.alterv...
BID: 18881
SECUNIA: 20962
OSVDB: 27512
SREASON: 1214
XF: pivot-editnew-file-inc...
BUGTRAQ: 20060707 Pivot <=1.30r...

Launchpad.net

CVE 2006-3532

Related bugs

References