CVE-2006-5507 - Unpolite Disk
Description
Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.
Reference
http://www.securityfocus.com/bid/20702
http://secunia.com/advisories/22546
http://packetstormsecurity.org/0610-exploits/Derdirigent.txt
http://www.osvdb.org/29950
http://www.osvdb.org/29951
http://www.osvdb.org/29952
http://www.osvdb.org/29953
http://www.osvdb.org/29954
http://www.osvdb.org/29955
http://www.osvdb.org/29956
http://www.osvdb.org/29957
http://www.osvdb.org/29958
http://www.osvdb.org/29959
http://www.vupen.com/english/advisories/2006/4164
https://exchange.xforce.ibmcloud.com/vulnerabilities/29760