CVE-2006-5101 - Self assertive Toothpicks
Description
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1 as used in (1) Comdev Contact Form 3.1 (2) Comdev Customer Helpdesk 3.1 (3) Comdev Events Calendar 3.1 (4) Comdev FAQ Support 3.1 (5) Comdev Guestbook 3.1 (6) Comdev Links Directory 3.1 (7) Comdev News Publisher 3.1 (8) Comdev Newsletter 3.1 (9) Comdev Photo Gallery 3.1 (10) Comdev Vote Caster 3.1 (11) Comdev Web Blogger 3.1 and (12) Comdev eCommerce 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
Reference
http://secunia.com/advisories/22135 http://secunia.com/advisories/22133 http://secunia.com/advisories/22134 http://secunia.com/advisories/22147 http://secunia.com/advisories/22149 http://secunia.com/advisories/22151 http://secunia.com/advisories/22153 http://secunia.com/advisories/22154 http://secunia.com/advisories/22157 http://secunia.com/advisories/22168 http://secunia.com/advisories/22169 http://www.osvdb.org/29299 http://www.osvdb.org/29300 http://www.osvdb.org/29301 http://www.osvdb.org/29302 http://www.osvdb.org/29303 http://www.osvdb.org/29305 http://www.osvdb.org/29307 http://www.osvdb.org/29310 http://www.osvdb.org/29311 http://www.osvdb.org/29306 http://www.osvdb.org/29304 http://www.osvdb.org/29308 http://www.osvdb.org/29309 http://secunia.com/advisories/22170 http://securityreason.com/securityalert/1658 http://www.vupen.com/english/advisories/2006/3807 http://www.vupen.com/english/advisories/2006/3813 http://www.vupen.com/english/advisories/2006/3806 http://www.vupen.com/english/advisories/2006/3812 http://www.vupen.com/english/advisories/2006/3808 http://www.vupen.com/english/advisories/2006/3805 http://www.vupen.com/english/advisories/2006/3809 http://www.vupen.com/english/advisories/2006/3811 http://www.vupen.com/english/advisories/2006/3804 http://www.vupen.com/english/advisories/2006/3815 http://www.vupen.com/english/advisories/2006/3814 http://www.vupen.com/english/advisories/2006/3810 http://www.vupen.com/english/advisories/2006/3803 https://exchange.xforce.ibmcloud.com/vulnerabilities/29220 http://www.securityfocus.com/archive/1/447213/100/0/threaded http://www.securityfocus.com/archive/1/447209/100/0/threaded http://www.securityfocus.com/archive/1/447207/100/0/threaded http://www.securityfocus.com/archive/1/447201/100/0/threaded http://www.securityfocus.com/archive/1/447194/100/0/threaded http://www.securityfocus.com/archive/1/447193/100/0/threaded http://www.securityfocus.com/archive/1/447192/100/0/threaded http://www.securityfocus.com/archive/1/447190/100/0/threaded http://www.securityfocus.com/archive/1/447188/100/0/threaded http://www.securityfocus.com/archive/1/447187/100/0/threaded http://www.securityfocus.com/archive/1/447186/100/0/threaded http://www.securityfocus.com/archive/1/447185/100/0/threaded http://www.securityfocus.com/archive/1/447184/100/0/threaded