Hillstone Networks

RULE（RULE ID：322348）

Rule General Information


Release Date:		2019-07-05

Rule Name:		Sabdrimer advanced1.php pluginpath[0] Parameter CMS PHP File Include Vulnerability (CVE-2006-3520)

Severity:

CVE ID:

Rule Protection Details


Description:		PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others

Reference:		SecurityFocusBID:18907 ExploitDB:1996 http://www.vupen.com/english/advisories/2006/2717 https://exchange.xforce.ibmcloud.com/vulnerabilities/27627

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
http://sabdrimer.ru/