Lucene search

[email protected]CVE-2006-4864

HistorySep 19, 2006 - 6:07 p.m.

CVE-2006-4864

2006-09-1918:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4864

php

remote file inclusion

vulnerability

all enthusiast reviewpost 2.5

arbitrary code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.5%

JSON

PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.

Affected configurations

NVD

Node

all_enthusiast_increviewpost_php_proMatch2.5

CPENameOperatorVersion
all_enthusiast_inc:reviewpost_php_proall enthusiast inc reviewpost php proeq2.5

CPE	Name	Operator	Version
all_enthusiast_inc:reviewpost_php_pro	all enthusiast inc reviewpost php pro	eq	2.5

References

secunia.com/advisories/21971

securityreason.com/securityalert/1603

www.nyubicrew.org/adv/home_edition2001-adv-01.txt

www.securityfocus.com/archive/1/446106/100/0/threaded

www.vupen.com/english/advisories/2006/3658

exchange.xforce.ibmcloud.com/vulnerabilities/28992

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.5%

JSON

Related for CVE-2006-4864

cvelist1 nvd1