Lucene search

[email protected]CVE-2006-5390

HistoryOct 18, 2006 - 7:07 p.m.

CVE-2006-5390

2006-10-1819:07:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-5390

php

remote file inclusion

vulnerability

acp

user registration

mmw 1.00

phpbb

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.7%

JSON

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Affected configurations

NVD

Node

phpbbacp_user_registration_moduleMatch1.00

CPENameOperatorVersion
phpbb:acp_user_registration_modulephpbb acp user registration moduleeq1.00

CPE	Name	Operator	Version
phpbb:acp_user_registration_module	phpbb acp user registration module	eq	1.00

References

secunia.com/advisories/22436

www.osvdb.org/29734

www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370

www.securityfocus.com/bid/20558

exchange.xforce.ibmcloud.com/vulnerabilities/29571

www.exploit-db.com/exploits/2551

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2006-5390

cvelist1 nvd1 nessus1