Lucene search

[email protected]CVE-2006-2860

HistoryJun 06, 2006 - 8:06 p.m.

CVE-2006-2860

2006-06-0620:06:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-2860

php

remote file inclusion

webspotblogging

vulnerability

nvd

url

php code

8.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

JSON

PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. NOTE: some of these vectors were also reported for 3.0 in a separate disclosure.

CPENameOperatorVersion
webspot:webspotbloggingwebspot webspotbloggingeq3.0
webspot:webspotbloggingwebspot webspotbloggingeq3.0.1

CPE	Name	Operator	Version
webspot:webspotblogging	webspot webspotblogging	eq	3.0
webspot:webspotblogging	webspot webspotblogging	eq	3.0.1

References

arfis.wordpress.com/2007/09/14/rfi-02-webspotblogging/

secunia.com/advisories/20439

www.osvdb.org/25992

www.osvdb.org/25993

www.osvdb.org/25994

www.osvdb.org/25995

www.securityfocus.com/archive/1/447001/100/0/threaded

www.securityfocus.com/archive/1/447576/100/200/threaded

www.securityfocus.com/bid/18260

www.vupen.com/english/advisories/2006/2127

exchange.xforce.ibmcloud.com/vulnerabilities/26910

www.exploit-db.com/exploits/1871

8.3 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2006-2860

prion1