Lucene search

[email protected]CVE-2006-0887

HistoryFeb 25, 2006 - 11:02 a.m.

CVE-2006-0887

2006-02-2511:02:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

php

base library

phplib

vulnerability

code execution

remote attack

nvd

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.

CPENameOperatorVersion
phplib_team:phplibphplib team phplibeq7.4

CPE	Name	Operator	Version
phplib_team:phplib	phplib team phplib	eq	7.4

References

secunia.com/advisories/16902

securitytracker.com/id?1016123

sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091

www.gulftech.org/?node=research&article_id=00107-03052006

www.osvdb.org/23466

www.securityfocus.com/bid/16801

www.vupen.com/english/advisories/2006/0720

exchange.xforce.ibmcloud.com/vulnerabilities/24873

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2006-0887

prion1 cvelist1 exploitpack1 zdt1 exploitdb1