Description

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

Remediation

References

CVE-2006-4189

Related Vulnerabilities

WordPress Plugin Zingiri Web Shop 'uploadfilexd.php' Arbitrary File Upload (2.4.3)

TCExam Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4237)

Oracle HTTP Server Other Vulnerability (CVE-2002-0659)

WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.6.7)

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.5)

Severity

Medium

Classification

CVE-2006-4189

Tags

Missing Update Known Vulnerabilities