Description
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
Affected Software
Related
{"id": "CVE-2006-4893", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2006-4893", "description": "PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.", "published": "2006-09-19T22:07:00", "modified": "2018-10-17T21:40:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4893", "reporter": "cve@mitre.org", "references": ["http://nyubicrew.org/adv/Noge_adv_02.txt", "http://www.securityfocus.com/bid/20046", "http://secunia.com/advisories/21970", "http://www.osvdb.org/28918", "http://securityreason.com/securityalert/1617", "http://www.vupen.com/english/advisories/2006/3654", "http://www.securityfocus.com/archive/1/452469/100/200/threaded", "http://www.securityfocus.com/archive/1/446108/100/0/threaded"], "cvelist": ["CVE-2006-4780", "CVE-2006-4893"], "immutableFields": [], "lastseen": "2022-03-23T16:18:17", "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5094", "CVE-2006-7148"]}], "rev": 4}, "score": {"value": 4.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2006-4780"]}]}, "exploitation": null, "vulnersScore": 4.8}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:phpbb_xs:phpbb_xs:0.58"], "cpe23": ["cpe:2.3:a:phpbb_xs:phpbb_xs:0.58:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "phpbb_xs:phpbb_xs", "version": "0.58", "operator": "le", "name": "phpbb xs"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:phpbb_xs:phpbb_xs:0.58:*:*:*:*:*:*:*", "versionEndIncluding": "0.58", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://nyubicrew.org/adv/Noge_adv_02.txt", "name": "http://nyubicrew.org/adv/Noge_adv_02.txt", "refsource": "MISC", "tags": ["Exploit"]}, {"url": "http://www.securityfocus.com/bid/20046", "name": "20046", "refsource": "BID", "tags": ["Exploit"]}, {"url": "http://secunia.com/advisories/21970", "name": "21970", "refsource": "SECUNIA", "tags": ["Vendor Advisory"]}, {"url": "http://www.osvdb.org/28918", "name": "28918", "refsource": "OSVDB", "tags": []}, {"url": "http://securityreason.com/securityalert/1617", "name": "1617", "refsource": "SREASON", "tags": []}, {"url": "http://www.vupen.com/english/advisories/2006/3654", "name": "ADV-2006-3654", "refsource": "VUPEN", "tags": []}, {"url": "http://www.securityfocus.com/archive/1/452469/100/200/threaded", "name": "20061123 Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include", "refsource": "BUGTRAQ", "tags": []}, {"url": "http://www.securityfocus.com/archive/1/446108/100/0/threaded", "name": "20060915 SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include", "refsource": "BUGTRAQ", "tags": []}]}
{"cve": [{"lastseen": "2022-03-23T16:24:09", "description": "PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893.", "cvss3": {}, "published": "2006-09-29T21:07:00", "type": "cve", "title": "CVE-2006-5094", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4780", "CVE-2006-4893", "CVE-2006-5094"], "modified": "2018-10-17T21:41:00", "cpe": ["cpe:/a:phpbb_xs:phpbb_xs:2"], "id": "CVE-2006-5094", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5094", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:phpbb_xs:phpbb_xs:2:*:spain_version:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:42:31", "description": "PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.", "cvss3": {}, "published": "2007-03-07T20:19:00", "type": "cve", "title": "CVE-2006-7148", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4893", "CVE-2006-7148"], "modified": "2018-10-16T16:29:00", "cpe": ["cpe:/a:phpbb:maluinfo:206.2.38"], "id": "CVE-2006-7148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7148", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:phpbb:maluinfo:206.2.38:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:15:23", "description": "PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "cvss3": {}, "published": "2006-09-14T10:07:00", "type": "cve", "title": "CVE-2006-4780", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-4780"], "modified": "2018-10-17T21:39:00", "cpe": ["cpe:/a:phpbbxs:phpbb_xs:0.58"], "id": "CVE-2006-4780", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4780", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:phpbbxs:phpbb_xs:0.58:*:*:*:*:*:*:*"]}]}