PT-2006-1243 · Phgstats · Phgstats

Published

2006-01-11

Updated

2017-07-20

CVE-2006-0164

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phgstats versions prior to 0.5.1

Description The issue allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable, but only if register globals is enabled.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider disabling the register globals setting to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0164

Affected Products

Phgstats

PT-2006-1243 · Phgstats · Phgstats

CVE-2006-0164

Related Identifiers

Affected Products

References · 8