CVE-2006-2685
Publication date 31 May 2006
Last updated 17 July 2025
Ubuntu priority
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
Status
Package | Ubuntu Release | Status |
---|---|---|
acidbase | 9.10 karmic |
Fixed 1.2.5-1
|
9.04 jaunty |
Fixed 1.2.5-1
|
|
8.10 intrepid |
Fixed 1.2.5-1
|
|
8.04 LTS hardy |
Fixed 1.2.5-1
|
|
7.10 gutsy |
Fixed 1.2.5-1
|
|
7.04 feisty |
Fixed 1.2.5-1
|
|
6.10 edgy |
Fixed 1.2.5-1
|
|
6.06 LTS dapper | Ignored end of life |