Lucene search

[email protected]CVE-2006-4720

HistorySep 12, 2006 - 4:07 p.m.

CVE-2006-4720

2006-09-1216:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4720

php

remote file inclusion

mcgallerypro 2006

vulnerability

nvd

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.076 Low

EPSS

Percentile

94.1%

JSON

PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

CPENameOperatorVersion
mcgallery:mcgallery_promcgallery mcgallery proeq2006
mcgallery:mcgallery_promcgallery mcgallery proeq2.2

CPE	Name	Operator	Version
mcgallery:mcgallery_pro	mcgallery mcgallery pro	eq	2006
mcgallery:mcgallery_pro	mcgallery mcgallery pro	eq	2.2

References

secunia.com/advisories/21850

securityreason.com/securityalert/1556

www.nyubicrew.org/adv/solpot-adv-06.txt

www.securityfocus.com/archive/1/445783/100/0/threaded

www.securityfocus.com/bid/19936

www.vupen.com/english/advisories/2006/3543

exchange.xforce.ibmcloud.com/vulnerabilities/28848

www.exploit-db.com/exploits/2342

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.076 Low

EPSS

Percentile

94.1%

JSON