Description

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

Remediation

References

CVE-2006-4189

Related Vulnerabilities

WordPress Plugin BuddyPress Multiple SQL Injection Vulnerabilities (1.7.1)

WordPress Plugin PublishPress Capabilities-User Role Access, Editor Permissions, Admin Menus Cross-Site Request Forgery (2.3.1)

WordPress Plugin Yes/No Chart SQL Injection (1.0.11)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7370)

Squid Improper Input Validation Vulnerability (CVE-2021-33620)

Severity

Medium

Classification

CVE-2006-4189

Tags

Missing Update Known Vulnerabilities