Lucene search
MitreCVE-2006-1149HistoryMar 10, 2006 - 11:02 a.m.
CVE-2006-1149
2006-03-1011:02:00
mitre
web.nvd.nist.gov
33
cve-2006-1149
php
remote file inclusion
owl intranet engine
vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
High
EPSS
0.1
Percentile
94.9%
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
Affected configurations
Node
owlowl_intranet_engineMatch0.6
ORowlowl_intranet_engineMatch0.8
ORowlowl_intranet_engineMatch0.72
ORowlowl_intranet_engineMatch0.73
ORowlowl_intranet_engineMatch0.82
| Vendor | Product | Version | CPE |
|---|---|---|---|
| owl | owl_intranet_engine | 0.6 | cpe:2.3:a:owl:owl_intranet_engine:0.6:*:*:*:*:*:*:* |
| owl | owl_intranet_engine | 0.8 | cpe:2.3:a:owl:owl_intranet_engine:0.8:*:*:*:*:*:*:* |
| owl | owl_intranet_engine | 0.72 | cpe:2.3:a:owl:owl_intranet_engine:0.72:*:*:*:*:*:*:* |
| owl | owl_intranet_engine | 0.73 | cpe:2.3:a:owl:owl_intranet_engine:0.73:*:*:*:*:*:*:* |
| owl | owl_intranet_engine | 0.82 | cpe:2.3:a:owl:owl_intranet_engine:0.82:*:*:*:*:*:*:* |
Related
prion
prion
Remote file inclusion
2006-03-10 11:02:00
nessus
nessus
nvd
nvd
CVE-2006-1149
2006-03-10 11:02:00
exploitdb
exploitdb
OWL Intranet Engine 0.82 - 'xrms_file_root' Code Execution
2006-03-07 00:00:00
cvelist
cvelist
CVE-2006-1149
2006-03-10 11:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
High
EPSS
0.1
Percentile
94.9%
Related for CVE-2006-1149