Lucene search

[email protected]CVE-2006-2286

HistoryMay 10, 2006 - 2:14 a.m.

CVE-2006-2286

2006-05-1002:14:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-2286

php

remote file inclusion

vulnerabilities

dokeos

arbitrary code execution

nvd

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php.

CPENameOperatorVersion
dokeos:dokeosdokeosle1.6.3
dokeos:dokeos_community_releasedokeos dokeos community releaseeq2.0.3

CPE	Name	Operator	Version
dokeos:dokeos	dokeos	le	1.6.3
dokeos:dokeos_community_release	dokeos dokeos community release	eq	2.0.3

References

secunia.com/advisories/19576

www.dokeos.com/forum/viewtopic.php?t=6848

www.dokeos.com/wiki/index.php/Security

www.vupen.com/english/advisories/2006/1303

exchange.xforce.ibmcloud.com/vulnerabilities/25740

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2006-2286

cvelist1 prion1 nessus1