Lucene search

[email protected]CVE-2006-3527

HistoryJul 12, 2006 - 12:05 a.m.

CVE-2006-3527

2006-07-1200:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

3527

php

remote file inclusion

bosclassifieds

classified ads

url

vulnerability

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.251 Low

EPSS

Percentile

96.6%

JSON

Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php.

CPENameOperatorVersion
bosdev:bosclassifieds_classified_adsbosdev bosclassifieds classified adseq*

CPE	Name	Operator	Version
bosdev:bosclassifieds_classified_ads	bosdev bosclassifieds classified ads	eq	*

References

secunia.com/advisories/21056

securitytracker.com/id?1016447

www.jaascois.com/exploits/18602018/

www.osvdb.org/27314

www.osvdb.org/27315

www.osvdb.org/27316

www.osvdb.org/27317

www.osvdb.org/27318

www.securityfocus.com/bid/18883

www.vupen.com/english/advisories/2006/2807

exchange.xforce.ibmcloud.com/vulnerabilities/27662

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.251 Low

EPSS

Percentile

96.6%

JSON