Lucene search

MitreCVE-2006-3850

HistoryJul 25, 2006 - 11:04 p.m.

CVE-2006-3850

2006-07-2523:04:00

mitre

web.nvd.nist.gov

cve-2006-3850

vanilla cms

remote file inclusion

php vulnerability

upgrader.php

security issue

nvd

cve analysis

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.41

Percentile

97.3%

JSON

PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected

Affected configurations

Nvd

Node

lussumovanillaRange≤1.0.1

VendorProductVersionCPE
lussumovanilla*cpe:2.3:a:lussumo:vanilla:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lussumo	vanilla	*	cpe:2.3:a:lussumo:vanilla::::::::

References

securityreason.com/securityalert/1281

securitytracker.com/id?1016568

www.attrition.org/pipermail/vim/2006-July/000937.html

www.attrition.org/pipermail/vim/2006-July/000944.html

www.osvdb.org/28287

www.securityfocus.com/archive/1/440938/100/0/threaded

www.securityfocus.com/archive/1/442450/100/0/threaded

www.securityfocus.com/bid/19127

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.41

Percentile

97.3%

JSON

Related for CVE-2006-3850