Lucene search

[email protected]CVE-2006-2866

HistoryJun 06, 2006 - 8:06 p.m.

CVE-2006-2866

2006-06-0620:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2866

dotclear

remote file inclusion

php

vulnerability

ftp url

nvd

8.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.112 Low

EPSS

Percentile

95.1%

JSON

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

CPENameOperatorVersion
dotclear:dotcleardotcleareq1.2.3
dotclear:dotcleardotcleareq1.2.2
dotclear:dotcleardotcleareq1.2.4
dotclear:dotcleardotcleareq1.2.1

CPE	Name	Operator	Version
dotclear:dotclear	dotclear	eq	1.2.3
dotclear:dotclear	dotclear	eq	1.2.2
dotclear:dotclear	dotclear	eq	1.2.4
dotclear:dotclear	dotclear	eq	1.2.1

References

retrogod.altervista.org/dotclear_124_php5_xpl.html

secunia.com/advisories/20437

securityreason.com/securityalert/1053

www.securityfocus.com/archive/1/435873/100/0/threaded

www.securityfocus.com/bid/18259

www.vupen.com/english/advisories/2006/2137

exchange.xforce.ibmcloud.com/vulnerabilities/26917

8.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.112 Low

EPSS

Percentile

95.1%

JSON

Related for CVE-2006-2866

prion1