Lucene search

[email protected]CVE-2006-4476

HistoryAug 31, 2006 - 8:04 p.m.

CVE-2006-4476

2006-08-3120:04:00

CWE-94

CWE-264

[email protected]

web.nvd.nist.gov

joomla

cve-2006-4476

injection flaws

security

vulnerability

nvd

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to “Injection Flaws,” allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of “exploit blocking rules” in htaccess; and (9) the ACL.

CPENameOperatorVersion
joomla:joomlajoomlaeq1.0.9
joomla:joomlajoomlale1.0.10

CPE	Name	Operator	Version
joomla:joomla	joomla	eq	1.0.9
joomla:joomla	joomla	le	1.0.10

References

secunia.com/advisories/21666

www.joomla.org/content/view/1841/78/

www.joomla.org/content/view/1843/74/

www.vupen.com/english/advisories/2006/3408

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON