CVE-2006-5185 - Auxetic Jizim

Description

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string which is supplied to an eval function call within the do_parse_code function.

Reference

http://www.gulftech.org/?node=research&article_id=00115-09302006 http://support.hamweather.com/viewtopic.php?t=6548 http://www.securityfocus.com/bid/20311 http://secunia.com/advisories/22242 http://www.vupen.com/english/advisories/2006/3881 https://exchange.xforce.ibmcloud.com/vulnerabilities/29304