Lucene search

[email protected]CVE-2006-4451

HistoryAug 30, 2006 - 1:04 a.m.

CVE-2006-4451

2006-08-3001:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cj tag board

static code injection

vulnerability

remote attackers

php code

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.5%

JSON

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.

CPENameOperatorVersion
cj_design:cj_tag_boardcj design cj tag boardeq3.0

CPE	Name	Operator	Version
cj_design:cj_tag_board	cj design cj tag board	eq	3.0

References

secunia.com/advisories/21561

secunia.com/secunia_research/2006-61/advisory/

www.securityfocus.com/bid/19748

www.vupen.com/english/advisories/2006/3406

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.5%

JSON