Lucene search

[email protected]CVE-2006-4159

HistoryAug 16, 2006 - 10:04 p.m.

CVE-2006-4159

2006-08-1622:04:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-4159

php

remote file inclusion

chaussette

vulnerabilities

security

nvd

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.333 Low

EPSS

Percentile

97.0%

JSON

Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php.

CPENameOperatorVersion
chaussette:chaussettechaussettele080706

CPE	Name	Operator	Version
chaussette:chaussette	chaussette	le	080706

References

secunia.com/advisories/21489

www.osvdb.org/27897

www.osvdb.org/27898

www.osvdb.org/27899

www.osvdb.org/27900

www.osvdb.org/27901

www.osvdb.org/27902

www.securityfocus.com/bid/19480

www.vupen.com/english/advisories/2006/3269

exchange.xforce.ibmcloud.com/vulnerabilities/28327

www.exploit-db.com/exploits/2169

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.333 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2006-4159

cve1