Lucene search

[email protected]CVE-2006-4962

HistorySep 23, 2006 - 10:07 a.m.

CVE-2006-4962

2006-09-2310:07:00

[email protected]

web.nvd.nist.gov

cve

directory traversal

vulnerability

php blue dragon

security

remote attack

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a … (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.

Affected configurations

NVD

Node

blue_dragonphp_blue_dragonMatchplatinum_2.8.0

blue_dragonphp_blue_dragonMatchplatinum_2.9.1

CPENameOperatorVersion
blue_dragon:php_blue_dragonblue dragon php blue dragoneqplatinum_2.8.0
blue_dragon:php_blue_dragonblue dragon php blue dragoneqplatinum_2.9.1

CPE	Name	Operator	Version
blue_dragon:php_blue_dragon	blue dragon php blue dragon	eq	platinum_2.8.0
blue_dragon:php_blue_dragon	blue dragon php blue dragon	eq	platinum_2.9.1

References

secunia.com/advisories/22031

www.securityfocus.com/bid/20123

www.securityfocus.com/bid/25264

www.vupen.com/english/advisories/2006/3736

exchange.xforce.ibmcloud.com/vulnerabilities/29067

www.exploit-db.com/exploits/2402

www.exploit-db.com/exploits/4277

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2006-4962

cvelist1 nvd1