5.1
CVSSv2

CVE-2006-2881

Published: 07/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 515
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and previous versions, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.

Vulnerable Product Search on Vulmon Subscribe to Product

dreamcost dreamaccount

Exploits

Title: DreamAccount <= 31 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: dreamcostcom URL: dreamcostcom ----------------------------------------------------------------- Credits: Discovered by: 'Aesthetico' wwwmajorsecurityde -------------------------------------- ...