Lucene search

[email protected]CVE-2006-2964

HistoryJun 12, 2006 - 8:06 p.m.

CVE-2006-2964

2006-06-1220:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2964

xtreme scripts

download manager

php

rfi

vulnerabilities

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.137 Low

EPSS

Percentile

95.6%

JSON

Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.

CPENameOperatorVersion
xtreme_scripts:download_managerxtreme scripts download managereq1.0

CPE	Name	Operator	Version
xtreme_scripts:download_manager	xtreme scripts download manager	eq	1.0

References

securityreason.com/securityalert/1072

www.osvdb.org/26643

www.osvdb.org/26644

www.osvdb.org/26645

www.osvdb.org/26646

www.osvdb.org/26647

www.osvdb.org/26648

www.securityfocus.com/archive/1/436104/100/0/threaded

www.securityfocus.com/archive/1/436107/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26961

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.137 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2006-2964

prion1