Lucene search

MitreCVE-2006-5223

HistoryOct 10, 2006 - 9:07 p.m.

CVE-2006-5223

2006-10-1021:07:00

mitre

web.nvd.nist.gov

cve-2006-5223

php

remote file inclusion

nivisec

user viewed posts tracker

phpbb

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.186

Percentile

96.2%

JSON

PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Affected configurations

Nvd

Node

nivisecuser_viewed_posts_trackerMatch1.0

VendorProductVersionCPE
nivisecuser_viewed_posts_tracker1.0cpe:2.3:a:nivisec:user_viewed_posts_tracker:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nivisec	user_viewed_posts_tracker	1.0	cpe:2.3:a:nivisec:user_viewed_posts_tracker:1.0:::::::*

References

secunia.com/advisories/22305

securityreason.com/securityalert/1705

www.nivisec.com/article.php?l=vi&ar=19

www.securityfocus.com/archive/1/447932/100/0/threaded

www.securityfocus.com/archive/1/448445/100/0/threaded

www.securityfocus.com/bid/20385

www.vupen.com/english/advisories/2006/3947

exchange.xforce.ibmcloud.com/vulnerabilities/29383

www.exploit-db.com/exploits/2483

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.186

Percentile

96.2%

JSON

Related for CVE-2006-5223