PT-2006-6099 · Contenido · Contenido Cms
Cvir.System
·
Published
2006-10-18
·
Updated
2024-08-07
·
CVE-2006-5380
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Contenido CMS versions prior to 4.6.15
Description
A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the
contenido path parameter to (1) "cms/dbfs.php" or (2) "cms/front content.php".Recommendations
For versions prior to 4.6.15, as a temporary workaround, consider restricting access to the
contenido path parameter in the affected API endpoints "cms/dbfs.php" and "cms/front content.php" until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Contenido Cms