CVE-2006-0479 - PmWiki 2.1 beta 20 Multiple Vulnerabilities - NVD Record

On January 31, 2006, the United States National Vulnerability Database (NVD) published the official record CVE-2006-0479, regarding multiple critical vulnerabilities in PmWiki 2.1 beta 20. The record credits as the primary source the technical advisory released by Francesco “ascii” Ongaro on the USH.it site on January 24, 2006, which described Remote File Inclusion and Cross-Site Scripting flaws generated by the use of register_globals. The analysis, picked up on the same day by international platforms such as SecurityFocus, Secunia, and SecurityTracker, highlighted how the lack of sanitization of global variables could allow remote code execution. Ongaro’s advisory remained the official reference cited by the NVD and IBM X-Force, confirming his central role in the disclosure and technical documentation of the vulnerability.