Lucene search

[email protected]CVE-2006-3144

HistoryJun 22, 2006 - 10:06 p.m.

CVE-2006-3144

2006-06-2222:06:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-3144

php

remote file inclusion

micro_cms_files

microcms-include.php

implied by design

ibd

micro cms

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.4%

JSON

PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via … (dot dot) sequences.

CPENameOperatorVersion
ibd:micro_cmsibd micro cmseq0.3.5

CPE	Name	Operator	Version
ibd:micro_cms	ibd micro cms	eq	0.3.5

References

secunia.com/advisories/20758

www.osvdb.org/26677

www.securityfocus.com/archive/1/456721/100/0/threaded

www.securityfocus.com/bid/18537

www.vupen.com/english/advisories/2006/2446

exchange.xforce.ibmcloud.com/vulnerabilities/27236

exchange.xforce.ibmcloud.com/vulnerabilities/53273

www.exploit-db.com/exploits/1929

www.exploit-db.com/exploits/9699

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.4%

JSON