Lucene search

[email protected]CVE-2006-3998

HistoryAug 05, 2006 - 1:04 a.m.

CVE-2006-3998

2006-08-0501:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3998

php

vulnerability

remote code execution

wowroster

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.4%

JSON

PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.

CPENameOperatorVersion
wowroster:wowrosterwowrostereq1.5
wowroster:wowrosterwowrostereq1.5.1

CPE	Name	Operator	Version
wowroster:wowroster	wowroster	eq	1.5
wowroster:wowroster	wowroster	eq	1.5.1

References

www.securityfocus.com/bid/19269

www.vupen.com/english/advisories/2006/3094

www.wowroster.net/Forums/viewtopic/t=333.html

exchange.xforce.ibmcloud.com/vulnerabilities/28101

www.exploit-db.com/exploits/2099

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.4%

JSON