Lucene search

[email protected]CVE-2006-5432

HistoryOct 20, 2006 - 11:07 p.m.

CVE-2006-5432

2006-10-2023:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5432

direct code injection

phppowercards

security vulnerability

remote file inclusion

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%

JSON

Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.

Affected configurations

NVD

Node

marc_giombettiphppowercardsMatch2.10

CPENameOperatorVersion
marc_giombetti:phppowercardsmarc giombetti phppowercardseq2.10

CPE	Name	Operator	Version
marc_giombetti:phppowercards	marc giombetti phppowercards	eq	2.10

References

secunia.com/advisories/22471

www.osvdb.org/29840

www.securityfocus.com/bid/20620

www.vupen.com/english/advisories/2006/4105

exchange.xforce.ibmcloud.com/vulnerabilities/29669

www.exploit-db.com/exploits/2590

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2006-5432

cvelist1 nvd1