Lucene search

[email protected]CVE-2006-2681

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2681

2006-05-3110:06:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2006

2681

php

remote file inclusion

vulnerability

socketmail lite

pro 2.2.6

magic quotes

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.6%

JSON

PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.

CPENameOperatorVersion
socketmail:socketmailsocketmaille2.2.6

CPE	Name	Operator	Version
socketmail:socketmail	socketmail	le	2.2.6

References

secunia.com/advisories/20273

securitytracker.com/id?1016228

www.majorsecurity.de/advisory/major_rls6.txt

www.vupen.com/english/advisories/2006/1976

exchange.xforce.ibmcloud.com/vulnerabilities/26693

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2006-2681

prion1