CVE-2006-2681

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
31/05/2006
Last modified:
03/04/2025

Description

PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:socketmail:socketmail:*:-:lite:*:*:*:*:* 2.2.6 (including)
cpe:2.3:a:socketmail:socketmail:*:-:professional:*:*:*:*:* 2.2.6 (including)