Lucene search

[email protected]CVE-2006-1200

HistoryMar 14, 2006 - 1:06 a.m.

CVE-2006-1200

2006-03-1401:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1200

code injection

daverave link bank

remote attackers

php code

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.

Affected configurations

NVD

Node

daveravelink_bank

CPENameOperatorVersion
daverave:link_bankdaverave link bankeq*

CPE	Name	Operator	Version
daverave:link_bank	daverave link bank	eq	*

References

secunia.com/advisories/19154

securityreason.com/securityalert/553

www.osvdb.org/23750

www.securityfocus.com/archive/1/426932/100/0/threaded

www.securityfocus.com/bid/17004

www.vupen.com/english/advisories/2006/0885

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2006-1200

prion1 nvd1 cvelist1