Lucene search

[email protected]CVE-2006-2158

HistoryMay 03, 2006 - 10:02 a.m.

CVE-2006-2158

2006-05-0310:02:00

[email protected]

web.nvd.nist.gov

cve

vulnerability

php

remote file inclusion

stadtaus guestbook script

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

JSON

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

Affected configurations

NVD

Node

stadtausguestbook_scriptRange≤1.7

CPENameOperatorVersion
stadtaus:guestbook_scriptstadtaus guestbook scriptle1.7

CPE	Name	Operator	Version
stadtaus:guestbook_script	stadtaus guestbook script	le	1.7

References

retrogod.altervista.org/gbs_17_xpl_pl.html

secunia.com/advisories/19957

www.securityfocus.com/bid/17845

www.stadtaus.com/forum/t-2600.html

www.vupen.com/english/advisories/2006/1660

exchange.xforce.ibmcloud.com/vulnerabilities/26252

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2006-2158

prion1 cvelist1 nessus1 nvd1