Lucene search

[email protected]CVE-2006-0725

HistoryFeb 16, 2006 - 11:02 a.m.

CVE-2006-0725

2006-02-1611:02:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-0725

php

remote file inclusion

plume cms

vulnerability

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.4%

JSON

PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.

CPENameOperatorVersion
plume-cms:plume_cmsplume-cms plume cmseq1.0.2

CPE	Name	Operator	Version
plume-cms:plume_cms	plume-cms plume cms	eq	1.0.2

References

plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File

secunia.com/advisories/18883

securitytracker.com/id?1015624

www.osvdb.org/23204

www.securityfocus.com/bid/16662

www.vupen.com/english/advisories/2006/0599

exchange.xforce.ibmcloud.com/vulnerabilities/24697

exchange.xforce.ibmcloud.com/vulnerabilities/27699

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2006-0725

prion2 cve3 nessus1 checkpoint_advisories1 openvas2