Lucene search

[email protected]CVE-2006-3422

HistoryJul 07, 2006 - 12:05 a.m.

CVE-2006-3422

2006-07-0700:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3422

php

remote file inclusion

vulnerability

wonderedit pro cms

execute arbitrary code

config parameter

user_bottom

templates

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.8%

JSON

PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns.

CPENameOperatorVersion
wonderedit:wonderedit_pro_cmswonderedit wonderedit pro cmseqgold

CPE	Name	Operator	Version
wonderedit:wonderedit_pro_cms	wonderedit wonderedit pro cms	eq	gold

References

www.securityfocus.com/bid/18821

exchange.xforce.ibmcloud.com/vulnerabilities/27536

www.exploit-db.com/exploits/1982

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.8%

JSON