navairum

CVE-2006-5838 EXPLOITDB text WORKING POC

NewP News Publication System 1.0.0 - Remote File Inclusion via path Parameter

PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter.

View Code

CVE-2006-5930 EXPLOITDB text WORKING POC

Aigaion <= 1.2.1 - Remote File Inclusion via DIR Parameter

Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php.

View Code