Lucene search

[email protected]CVE-2006-5101

HistoryOct 03, 2006 - 4:03 a.m.

CVE-2006-5101

2006-10-0304:03:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-5101

php

remote file inclusion

comdev csv importer

security vulnerability

nvd

comdev contact form

comdev customer helpdesk

comdev events calendar

comdev faq support

comdev guestbook

comdev links directory

comdev news publisher

comdev newsletter

comdev photo gallery

comdev vote caster

comdev web blogger

comdev ecommerce

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.434 Medium

EPSS

Percentile

97.3%

JSON

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.

CPENameOperatorVersion
comdev:comdev_csv_importercomdev comdev csv importereq3.1
comdev:comdev_csv_importercomdev comdev csv importereq4.1

CPE	Name	Operator	Version
comdev:comdev_csv_importer	comdev comdev csv importer	eq	3.1
comdev:comdev_csv_importer	comdev comdev csv importer	eq	4.1

References

secunia.com/advisories/22133

secunia.com/advisories/22134

secunia.com/advisories/22135

secunia.com/advisories/22147

secunia.com/advisories/22149

secunia.com/advisories/22151

secunia.com/advisories/22153

secunia.com/advisories/22154

secunia.com/advisories/22157

secunia.com/advisories/22168

secunia.com/advisories/22169

secunia.com/advisories/22170

securityreason.com/securityalert/1658

www.osvdb.org/29299

www.osvdb.org/29300

www.osvdb.org/29301

www.osvdb.org/29302

www.osvdb.org/29303

www.osvdb.org/29304

www.osvdb.org/29305

www.osvdb.org/29306

www.osvdb.org/29307

www.osvdb.org/29308

www.osvdb.org/29309

www.osvdb.org/29310

www.osvdb.org/29311

www.securityfocus.com/archive/1/447184/100/0/threaded

www.securityfocus.com/archive/1/447185/100/0/threaded

www.securityfocus.com/archive/1/447186/100/0/threaded

www.securityfocus.com/archive/1/447187/100/0/threaded

www.securityfocus.com/archive/1/447188/100/0/threaded

www.securityfocus.com/archive/1/447190/100/0/threaded

www.securityfocus.com/archive/1/447192/100/0/threaded

www.securityfocus.com/archive/1/447193/100/0/threaded

www.securityfocus.com/archive/1/447194/100/0/threaded

www.securityfocus.com/archive/1/447201/100/0/threaded

www.securityfocus.com/archive/1/447207/100/0/threaded

www.securityfocus.com/archive/1/447209/100/0/threaded

www.securityfocus.com/archive/1/447213/100/0/threaded

www.vupen.com/english/advisories/2006/3803

www.vupen.com/english/advisories/2006/3804

www.vupen.com/english/advisories/2006/3805

www.vupen.com/english/advisories/2006/3806

www.vupen.com/english/advisories/2006/3807

www.vupen.com/english/advisories/2006/3808

www.vupen.com/english/advisories/2006/3809

www.vupen.com/english/advisories/2006/3810

www.vupen.com/english/advisories/2006/3811

www.vupen.com/english/advisories/2006/3812

www.vupen.com/english/advisories/2006/3813

www.vupen.com/english/advisories/2006/3814

www.vupen.com/english/advisories/2006/3815

exchange.xforce.ibmcloud.com/vulnerabilities/29220

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.434 Medium

EPSS

Percentile

97.3%

JSON