Lucene search

K
cve[email protected]CVE-2006-5392
HistoryOct 18, 2006 - 7:07 p.m.

CVE-2006-5392

2006-10-1819:07:00
NVD-CWE-Other
web.nvd.nist.gov
20
cve
2006
5392
php
remote file inclusion
opendock fullcore
vulnerabilities
execute arbitrary code
url
doc_directory parameter
sw
cart.php
lib_cart.php
find_comment.php

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.233 Low

EPSS

Percentile

96.4%

Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.

CPENameOperatorVersion
opendoc:fullcoreopendoc fullcorele4.4

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.233 Low

EPSS

Percentile

96.4%