CVE-2006-5776

Description

Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file

Affected products

• Ariadne / ariadne_cms2.4.1 – 2.4.1

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/30018
• MISChttp://attrition.org/pipermail/vim/2006-November/001109.html
• MISChttp://www.securityfocus.com/bid/20916
• MISChttp://securityreason.com/securityalert/1827
• MISChttp://www.securityfocus.com/archive/1/450709/100/0/threaded
• MISChttp://attrition.org/pipermail/vim/2006-November/001108.html