Lucene search

[email protected]CVE-2006-4530

HistorySep 01, 2006 - 11:04 p.m.

CVE-2006-4530

2006-09-0123:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

code injection

vulnerability

membrepass 1.5

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.

CPENameOperatorVersion
membrepass:membrepassmembrepasseq1.5

CPE	Name	Operator	Version
membrepass:membrepass	membrepass	eq	1.5

References

secunia.com/advisories/21715

securityreason.com/securityalert/1487

www.securityfocus.com/archive/1/444845/100/0/threaded

www.securityfocus.com/bid/19790

www.vupen.com/english/advisories/2006/3427

exchange.xforce.ibmcloud.com/vulnerabilities/28692

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON