Lucene search

[email protected]CVE-2006-0824

HistoryFeb 21, 2006 - 11:02 p.m.

CVE-2006-0824

2006-02-2123:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0824

geeklog

lib-common.php

code execution

remote attackers

arbitrary code

security vulnerability

nvd

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.147 Low

EPSS

Percentile

95.7%

JSON

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.

CPENameOperatorVersion
geeklog:geekloggeeklogeq1.3.11_sr3
geeklog:geekloggeeklogeq1.3.11_sr2
geeklog:geekloggeeklogeq1.4.0
geeklog:geekloggeeklogeq1.3.11_sr1
geeklog:geekloggeeklogeq1.3.11

CPE	Name	Operator	Version
geeklog:geeklog	geeklog	eq	1.3.11_sr3
geeklog:geeklog	geeklog	eq	1.3.11_sr2
geeklog:geeklog	geeklog	eq	1.4.0
geeklog:geeklog	geeklog	eq	1.3.11_sr1
geeklog:geeklog	geeklog	eq	1.3.11

References

secunia.com/advisories/18920

www.geeklog.net/article.php/geeklog-1.4.0sr1

www.gulftech.org/?node=research&article_id=00102-02192006

www.osvdb.org/23349

www.securityfocus.com/archive/1/425506/100/0/threaded

www.securityfocus.com/bid/16755

www.vupen.com/english/advisories/2006/0661

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.147 Low

EPSS

Percentile

95.7%

JSON

Related for CVE-2006-0824

prion1 nessus1