Lucene search

[email protected]CVE-2006-2033

HistoryApr 26, 2006 - 12:06 a.m.

CVE-2006-2033

2006-04-2600:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2033

php

remote file inclusion

core corenews 2.0.1

security vulnerability

nvd

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue.

CPENameOperatorVersion
corenews:corenewscorenewseq2.0.1

CPE	Name	Operator	Version
corenews:corenews	corenews	eq	2.0.1

References

lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.html

securityreason.com/securityalert/797

www.nukedx.com/?getxpl=24

www.securityfocus.com/archive/1/431761/100/0/threaded

www.securityfocus.com/bid/17655

exchange.xforce.ibmcloud.com/vulnerabilities/25979

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2006-2033

prion2 cve1