Lucene search

[email protected]CVE-2006-3957

HistoryAug 01, 2006 - 9:04 p.m.

CVE-2006-3957

2006-08-0121:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3957

php

remote file inclusion

bosdev bosdates

code execution

vulnerability

security

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.

CPENameOperatorVersion
bosdev:bosdatesbosdev bosdateseq3.1
bosdev:bosdatesbosdev bosdateseq4.0
bosdev:bosdatesbosdev bosdateseq3.0
bosdev:bosdatesbosdev bosdateseq3.2

CPE	Name	Operator	Version
bosdev:bosdates	bosdev bosdates	eq	3.1
bosdev:bosdates	bosdev bosdates	eq	4.0
bosdev:bosdates	bosdev bosdates	eq	3.0
bosdev:bosdates	bosdev bosdates	eq	3.2

References

securitytracker.com/id?1016585

www.jaascois.com/exploits/18602020

www.securityfocus.com/bid/19191

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON