Lucene search

[email protected]CVE-2006-2914

HistoryJun 23, 2006 - 7:06 p.m.

CVE-2006-2914

2006-06-2319:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2914

php

remote file inclusion

vulnerability

deluxebb 1.06

arbitrary code

url

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.12 Low

EPSS

Percentile

95.3%

JSON

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.

CPENameOperatorVersion
deluxebb:deluxebbdeluxebbeq1.06

CPE	Name	Operator	Version
deluxebb:deluxebb	deluxebb	eq	1.06

References

secunia.com/advisories/20152

secunia.com/secunia_research/2006-44/advisory

securityreason.com/securityalert/1134

securitytracker.com/id?1016309

www.osvdb.org/26458

www.osvdb.org/26459

www.osvdb.org/26460

www.osvdb.org/26461

www.osvdb.org/26462

www.osvdb.org/26463

www.securityfocus.com/archive/1/437228/100/100/threaded

www.securityfocus.com/archive/1/438597/100/0/threaded

www.securityfocus.com/bid/18455

www.vupen.com/english/advisories/2006/2347

exchange.xforce.ibmcloud.com/vulnerabilities/27090

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.12 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2006-2914

prion1 packetstorm1 securityvulns2