Lucene search
HistoryMay 03, 2006 - 10:02 a.m.
CVE-2006-2149
cve-2006-2149
php
remote file inclusion
aardvark topsites
vulnerability
7.5 High
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.038 Low
EPSS
Percentile
91.9%
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
Affected configurations
Node
avaticaardvark_topsites_phpMatch4.2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| avatic:aardvark_topsites_php | avatic aardvark topsites php | eq | 4.2.2 |
Related
prion
prion
Remote file inclusion
2006-05-03 10:02:00
cvelist
cvelist
CVE-2006-2149
2006-05-03 10:00:00
CVE-2006-7026
2007-02-23 01:00:00
nessus
nessus
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
2006-05-08 00:00:00
nvd
nvd
CVE-2006-2149
2006-05-03 10:02:00
CVE-2006-7026
2007-02-23 03:28:00
openvas
openvas
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
2008-08-22 00:00:00
cve
cve
CVE-2006-7026
2007-02-23 03:28:00
7.5 High
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.038 Low
EPSS
Percentile
91.9%
Related for CVE-2006-2149