Lucene search

[email protected]CVE-2006-4198

HistoryAug 17, 2006 - 9:04 p.m.

CVE-2006-4198

2006-08-1721:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4198

php

remote file inclusion

wheatblog

vulnerability

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.207 Low

EPSS

Percentile

96.4%

JSON

PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter.

Affected configurations

NVD

Node

wheatblogwheatblogRange≤1.1

wheatblogwheatblogMatch1.0

CPENameOperatorVersion
wheatblog:wheatblogwheatblogle1.1
wheatblog:wheatblogwheatblogeq1.0

CPE	Name	Operator	Version
wheatblog:wheatblog	wheatblog	le	1.1
wheatblog:wheatblog	wheatblog	eq	1.0

References

secunia.com/advisories/25903

securityreason.com/securityalert/1410

secwatch.org/advisories/1015085/

sourceforge.net/forum/forum.php?forum_id=601184

www.securityfocus.com/archive/1/442987/100/0/threaded

www.securityfocus.com/archive/1/472575/100/0/threaded

www.securityfocus.com/bid/19482

www.vupen.com/english/advisories/2007/2405

exchange.xforce.ibmcloud.com/vulnerabilities/28338

www.exploit-db.com/exploits/2174

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.207 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2006-4198

cvelist1 nvd1