Lucene search

[email protected]CVE-2006-2129

HistoryMay 01, 2006 - 11:02 p.m.

CVE-2006-2129

2006-05-0123:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2129

pro publish 2.0

code injection

vulnerability

php

remote

authenticated administrators

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php.

Affected configurations

NVD

Node

deltascriptspro_publishMatch2.0

CPENameOperatorVersion
deltascripts:pro_publishdeltascripts pro publisheq2.0

CPE	Name	Operator	Version
deltascripts:pro_publish	deltascripts pro publish	eq	2.0

References

evuln.com/vulns/130/summary.html

secunia.com/advisories/19882

www.osvdb.org/25128

www.securityfocus.com/bid/17762

www.vupen.com/english/advisories/2006/1578

exchange.xforce.ibmcloud.com/vulnerabilities/26149

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2006-2129

cvelist1 nvd1 prion1