Lucene search

[email protected]CVE-2006-5263

HistoryOct 12, 2006 - 10:07 p.m.

CVE-2006-5263

2006-10-1222:07:00

[email protected]

web.nvd.nist.gov

cve

2006

5263

directory traversal

templates

header.php3

phpmyagenda

remote attackers

arbitrary local files

language parameter

apache http server

log file

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

JSON

Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.

Affected configurations

NVD

Node

phpmyagendaphpmyagendaRange≤3.1_beta_1

CPENameOperatorVersion
phpmyagenda:phpmyagendaphpmyagendale3.1_beta_1

CPE	Name	Operator	Version
phpmyagenda:phpmyagenda	phpmyagenda	le	3.1_beta_1

References

secunia.com/advisories/22346

www.securityfocus.com/bid/20453

www.vupen.com/english/advisories/2006/4005

exchange.xforce.ibmcloud.com/vulnerabilities/29413

www.exploit-db.com/exploits/2500

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2006-5263

nvd1 cvelist1