PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement
References
Configurations
History
07 Nov 2023, 01:59
Type | Values Removed | Values Added |
---|---|---|
Summary | PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement |
Information
Published : 2007-02-08 17:28
Updated : 2024-08-07 21:15
NVD link : CVE-2006-6975
Mitre link : CVE-2006-6975
CVE.ORG link : CVE-2006-6975
JSON object : View
Products Affected
centipaid
- centipaid
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')