Page 2 of 11 results (0.001 seconds)
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 4
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 4CVE-2006-2315 – ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2315
12 May 2006 — PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled • https://www.exploit-db.com/exploits/27845 • CWE-94: Improper Control of Generation of Code ('Code Injection') •