Lucene search

[email protected]CVE-2006-1105

HistoryMar 09, 2006 - 1:06 p.m.

CVE-2006-1105

2006-03-0913:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1105

pixelpost

remote attackers

configuration information

phpinfo

vendor dispute

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Affected configurations

NVD

Node

pixelpostpixelpostMatch1.4.3

pixelpostpixelpostMatch1.5_beta1

CPENameOperatorVersion
pixelpost:pixelpostpixelposteq1.4.3
pixelpost:pixelpostpixelposteq1.5_beta1

CPE	Name	Operator	Version
pixelpost:pixelpost	pixelpost	eq	1.4.3
pixelpost:pixelpost	pixelpost	eq	1.5_beta1

References

forum.pixelpost.org/showthread.php?t=3535

www.neosecurityteam.net/index.php?action=advisories&id=19

www.securityfocus.com/archive/1/426764/100/0/threaded

www.securityfocus.com/bid/16964

www.vupen.com/english/advisories/2006/0823

exchange.xforce.ibmcloud.com/vulnerabilities/25048

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2006-1105

prion1 cvelist1 nvd1