Lucene search

[email protected]CVE-2006-2881

HistoryJun 07, 2006 - 10:02 a.m.

CVE-2006-2881

2006-06-0710:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

2881

php

remote file inclusion

vulnerability

dreamaccount

register_globals

auth.cookie.inc.php

auth.header.inc.php

auth.sessions.inc.php

nvd

8.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.395 Low

EPSS

Percentile

97.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.

CPENameOperatorVersion
dreamcost:dreamaccountdreamcost dreamaccountle3.1

CPE	Name	Operator	Version
dreamcost:dreamaccount	dreamcost dreamaccount	le	3.1

References

secunia.com/advisories/20468

securityreason.com/securityalert/1062

securitytracker.com/id?1016272

www.majorsecurity.de/advisory/major_rls8.txt

www.osvdb.org/26168

www.osvdb.org/26169

www.osvdb.org/26170

www.securityfocus.com/archive/1/435991/100/0/threaded

www.securityfocus.com/archive/1/436134/100/0/threaded

www.securityfocus.com/bid/18278

www.vupen.com/english/advisories/2006/2152

exchange.xforce.ibmcloud.com/vulnerabilities/26932

www.exploit-db.com/exploits/1881

8.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.395 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2006-2881

prion1