Lucene search

[email protected]CVE-2006-1895

HistoryApr 20, 2006 - 10:02 a.m.

CVE-2006-1895

2006-04-2010:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

1895

code injection

vulnerability

phpbb

remote

authenticated

users

write access

arbitrary

php code

7.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.7%

JSON

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose “.*” regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.

CPENameOperatorVersion
phpbb_group:phpbbphpbb group phpbbeq2.0.9

CPE	Name	Operator	Version
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.9

References

securityreason.com/securityalert/769

www.securityfocus.com/archive/1/431017/100/0/threaded

www.securityfocus.com/bid/17573

exchange.xforce.ibmcloud.com/vulnerabilities/25888

7.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2006-1895

prion1 ubuntucve1