Lucene search

[email protected]CVE-2006-4296

HistoryAug 23, 2006 - 1:04 a.m.

CVE-2006-4296

2006-08-2301:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4296

php

remote file inclusion

bigape-backup

mambo 1.1

vulnerability

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.1 Low

EPSS

Percentile

94.8%

JSON

PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.

CPENameOperatorVersion
mambo:bigape-backup_componentmambo bigape-backup componenteq*

CPE	Name	Operator	Version
mambo:bigape-backup_component	mambo bigape-backup component	eq	*

References

secunia.com/advisories/21574

www.osvdb.org/28032

www.securityfocus.com/bid/19616

www.vupen.com/english/advisories/2006/3340

exchange.xforce.ibmcloud.com/vulnerabilities/28468

www.exploit-db.com/exploits/2225

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.1 Low

EPSS

Percentile

94.8%

JSON