CVE-2006-6043 - Solute Uses

Description

PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier when register_globals is enabled allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter which is accessed by the file_exists function.

Reference

http://secunia.com/advisories/23031 http://www.securityfocus.com/bid/21202/info http://www.vupen.com/english/advisories/2006/4608 https://exchange.xforce.ibmcloud.com/vulnerabilities/30415