Lucene search

[email protected]CVE-2006-2152

HistoryMay 03, 2006 - 10:02 a.m.

CVE-2006-2152

2006-05-0310:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2152

php

remote file inclusion

admin

addentry.php

phpbb

advanced guestbook 2.4.0

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

95.0%

JSON

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.

Affected configurations

NVD

Node

phpbb_groupphpbb_advanced_guestbookRange≤2.4.0

CPENameOperatorVersion
phpbb_group:phpbb_advanced_guestbookphpbb group phpbb advanced guestbookle2.4.0

CPE	Name	Operator	Version
phpbb_group:phpbb_advanced_guestbook	phpbb group phpbb advanced guestbook	le	2.4.0

References

secunia.com/advisories/19905

www.securityfocus.com/bid/17745

www.vupen.com/english/advisories/2006/1600

exchange.xforce.ibmcloud.com/vulnerabilities/26217

www.exploit-db.com/exploits/1723

www.exploit-db.com/exploits/1725

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2006-2152

cvelist1 nessus1 prion1 nvd1