CyberSec.Space Logo
Back to CVE Browser

CVE-2006-3361

MEDIUM
5.1
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile4.28th
PublishedJul 6, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php.

Affected Platforms (CPE)

πŸ“¦
Stud.ip

Stud.ip

<= 1.3.0-2

References & Advisories

πŸ”— http://hamid.ir/security/studip.txt
πŸ”— http://securitytracker.com/id?1016418
πŸ”— http://www.securityfocus.com/bid/18741
πŸ”— http://www.vupen.com/english/advisories/2006/2618
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/27487
πŸ”— http://hamid.ir/security/studip.txt
πŸ”— http://securitytracker.com/id?1016418
πŸ”— http://www.securityfocus.com/bid/18741

Related Vulnerabilities

CVE-2020-120019.8

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2020-119998.1

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2020-120037.5

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2020-120057.5

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...