Lucene search

[email protected]CVE-2006-5308

HistoryOct 17, 2006 - 3:07 p.m.

CVE-2006-5308

2006-10-1715:07:00

[email protected]

web.nvd.nist.gov

cve

2006

5308

php

remote file inclusion

vulnerability

open conference systems

ocs

arbitrary code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.386 Low

EPSS

Percentile

97.3%

JSON

Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.

Affected configurations

NVD

Node

open_conference_systemsopen_conference_systemsRange≤1.1.5

CPENameOperatorVersion
open_conference_systems:open_conference_systemsopen conference systemsle1.1.5

CPE	Name	Operator	Version
open_conference_systems:open_conference_systems	open conference systems	le	1.1.5

References

isc.sans.org/diary.php?storyid=1791

pkp.sfu.ca/ocs_download

pkp.sfu.ca:8043/bugzilla/attachment.cgi?id=90

pkp.sfu.ca:8043/bugzilla/show_bug.cgi?id=2436

secunia.com/advisories/22412

securitytracker.com/id?1017071

www.securityfocus.com/archive/1/448548/100/0/threaded

www.securityfocus.com/bid/20567

www.vupen.com/english/advisories/2006/4041

exchange.xforce.ibmcloud.com/vulnerabilities/29517

www.exploit-db.com/exploits/2536

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.386 Low

EPSS

Percentile

97.3%

JSON

Related for CVE-2006-5308

cvelist1 nvd1 nessus1