Lucene search
HistoryJun 06, 2006 - 8:06 p.m.
CVE-2006-2866
cve-2006-2866
dotclear
remote file inclusion
php
vulnerability
ftp url
nvd
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
High
0.112 Low
EPSS
Percentile
95.2%
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
Affected configurations
Node
dotcleardotclearMatch1.2.1
ORdotcleardotclearMatch1.2.2
ORdotcleardotclearMatch1.2.3
ORdotcleardotclearMatch1.2.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| dotclear:dotclear | dotclear | eq | 1.2.1 |
| dotclear:dotclear | dotclear | eq | 1.2.2 |
| dotclear:dotclear | dotclear | eq | 1.2.3 |
| dotclear:dotclear | dotclear | eq | 1.2.4 |
References
Related
cvelist
cvelist
CVE-2006-2866
2006-06-06 20:03:00
prion
prion
Remote file inclusion
2006-06-06 20:06:00
nvd
nvd
CVE-2006-2866
2006-06-06 20:06:00
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
High
0.112 Low
EPSS
Percentile
95.2%
Related for CVE-2006-2866