Lucene search

[email protected]CVE-2006-3532

HistoryJul 12, 2006 - 9:05 p.m.

CVE-2006-3532

2006-07-1221:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

php

file inclusion

vulnerability

pivot 1.30 rc2

register_globals

remote code execution

8.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON

PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.

CPENameOperatorVersion
pivot:pivotpivoteq1.30_rc2

CPE	Name	Operator	Version
pivot:pivot	pivot	eq	1.30_rc2

References

retrogod.altervista.org/pivot_130RC2_xpl.html

secunia.com/advisories/20962

securityreason.com/securityalert/1214

www.osvdb.org/27512

www.securityfocus.com/archive/1/439495/100/0/threaded

www.securityfocus.com/bid/18881

exchange.xforce.ibmcloud.com/vulnerabilities/27679

8.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2006-3532

cvelist1