Lucene search

[email protected]CVE-2006-4678

HistorySep 11, 2006 - 5:04 p.m.

CVE-2006-4678

2006-09-1117:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4678

php

remote file inclusion

news evolution 3.0.3

vulnerability

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

JSON

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

CPENameOperatorVersion
comscripts:news_evolutioncomscripts news evolutioneq3.0.3

CPE	Name	Operator	Version
comscripts:news_evolution	comscripts news evolution	eq	3.0.3

References

securityreason.com/securityalert/1536

www.securityfocus.com/archive/1/445576/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/28803

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

JSON