Description

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

Remediation

References

CVE-2006-4189

Related Vulnerabilities

PrestaShop Improper Authentication Vulnerability (CVE-2021-21308)

WordPress Plugin Nifty Newsletters (Formerly Sola Newsletters) Cross-Site Request Forgery (4.0.23)

WordPress 4.5.x Cross-Site Request Forgery (4.5 - 4.5.16)

WordPress Plugin Paytium:Mollie payment forms & donations Cross-Site Scripting (3.1.1)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22874)

Severity

Medium

Classification

CVE-2006-4189

Tags

Missing Update Known Vulnerabilities