Lucene search

[email protected]CVE-2006-3175

HistoryJun 23, 2006 - 12:02 a.m.

CVE-2006-3175

2006-06-2300:02:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-3175

php

remote file inclusion

mcguestbook 1.3

security vulnerability

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.103 Low

EPSS

Percentile

94.9%

JSON

Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire.php vector also affects 1.2. NOTE: this issue might be limited to a race condition during installation or an improper installation, since a completed installation creates an include file that prevents external control of the $lang variable.

CPENameOperatorVersion
mcguestbook:mcguestbookmcguestbookeq1.3

CPE	Name	Operator	Version
mcguestbook:mcguestbook	mcguestbook	eq	1.3

References

securityreason.com/securityalert/1125

www.osvdb.org/27460

www.osvdb.org/27461

www.osvdb.org/27462

www.securityfocus.com/archive/1/437028/100/200/threaded

www.securityfocus.com/archive/1/437448/100/0/threaded

www.securityfocus.com/bid/18476

exchange.xforce.ibmcloud.com/vulnerabilities/27114

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.103 Low

EPSS

Percentile

94.9%

JSON