mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-23 10:49:42 +02:00
0xMarcio
798 B
798 B
CVE-2006-4198
Description
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter.
POC
Reference
- http://securityreason.com/securityalert/1410
- http://secwatch.org/advisories/1015085/
- https://www.exploit-db.com/exploits/2174