Lucene search

[email protected]CVE-2006-4596

HistorySep 07, 2006 - 12:04 a.m.

CVE-2006-4596

2006-09-0700:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4596

php

remote file inclusion

mybace light skrip

register_globals

8.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON

PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php.

CPENameOperatorVersion
mybace_light:mybace_lightmybace lighteq*

CPE	Name	Operator	Version
mybace_light:mybace_light	mybace light	eq	*

References

secunia.com/advisories/21746

www.bb-pcsecurity.de/Websecurity/384/org/MyBace_Light_%28hauptverzeichniss%29_Remote_File_Inclusion.htm

www.securityfocus.com/archive/1/445185/100/0/threaded

www.securityfocus.com/bid/19811

www.securityfocus.com/bid/19830

www.vupen.com/english/advisories/2006/3447

8.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON