Lucene search

[email protected]CVE-2006-4749

HistorySep 13, 2006 - 10:07 p.m.

CVE-2006-4749

2006-09-1322:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4749

php

remote file inclusion

vulnerability

phpatm

arbitrary code execution

activate.php

configure.php

fileop.php

getimg.php

ipblocked.php

showrecent.php

showtophits.php

usrmanag.php

viewer_bottom.php

viewer_content.php

viewer_top.php

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.

CPENameOperatorVersion
bugada_andrea:php_advanced_transfer_managerbugada andrea php advanced transfer managereq1.20

CPE	Name	Operator	Version
bugada_andrea:php_advanced_transfer_manager	bugada andrea php advanced transfer manager	eq	1.20

References

www.securityfocus.com/archive/1/445742/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/28874

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for CVE-2006-4749

cve1