Lucene search

[email protected]CVE-2006-4631

HistorySep 08, 2006 - 8:04 p.m.

CVE-2006-4631

2006-09-0820:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4631

static code injection

softbb

admin

php

remote code execution

nvd

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.8%

JSON

Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.

Affected configurations

NVD

Node

softbbsoftbbRange≤0.1

CPENameOperatorVersion
softbb:softbbsoftbble0.1

CPE	Name	Operator	Version
softbb:softbb	softbb	le	0.1

References

acid-root.new.fr/advisories/10060904.txt

secunia.com/advisories/21761

securityreason.com/securityalert/1521

securitytracker.com/id?1016785

www.osvdb.org/28579

www.securityfocus.com/archive/1/445087/100/0/threaded

www.vupen.com/english/advisories/2006/3478

exchange.xforce.ibmcloud.com/vulnerabilities/28749

www.exploit-db.com/exploits/2300

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.8%

JSON

Related for CVE-2006-4631

nvd1 cvelist1