CVE-2006-2682

Description

PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.

Affected products

• back-end / back-end_cms0.7.2.1 – 0.7.2.1

References

• EXPLOIThttps://www.exploit-db.com/exploits/1825
• VENDOR_ADVISORYhttp://secunia.com/advisories/20292
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1979
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/26699