Lucene search

[email protected]CVE-2006-4191

HistoryAug 17, 2006 - 1:04 a.m.

CVE-2006-4191

2006-08-1701:04:00

[email protected]

web.nvd.nist.gov

xmb

directory traversal

remote code execution

cve-2006-4191

security vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.1%

JSON

Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.

Affected configurations

NVD

Node

xmb_softwareextreme_message_boardRange≤1.9.6

CPENameOperatorVersion
xmb_software:extreme_message_boardxmb software extreme message boardle1.9.6

CPE	Name	Operator	Version
xmb_software:extreme_message_board	xmb software extreme message board	le	1.9.6

References

retrogod.altervista.org/xmb_196_sql.html

secunia.com/advisories/21293

securityreason.com/securityalert/1411

www.securityfocus.com/archive/1/443167/100/0/threaded

www.securityfocus.com/bid/19494

www.securityfocus.com/bid/19501

docs.xmbforum2.com/index.php?title=Security_Issue_History

exchange.xforce.ibmcloud.com/vulnerabilities/28356

www.exploit-db.com/exploits/2178

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2006-4191

nvd1 cvelist1