Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-05-03T10:00:00
Updated: 2024-08-07T17:43:27.402Z
Reserved: 2006-05-03T00:00:00
Link: CVE-2006-2158
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-05-03T10:02:00.000
Modified: 2024-11-21T00:10:41.353
Link: CVE-2006-2158
Redhat
No data.