Lucene search

[email protected]CVE-2006-5485

HistoryOct 24, 2006 - 10:07 p.m.

CVE-2006-5485

2006-10-2422:07:00

[email protected]

web.nvd.nist.gov

cve

2006

5485

php

remote file inclusion

vulnerabilities

speedberg 1.2beta1

execute

arbitrary code

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php.

Affected configurations

NVD

Node

speedbergspeedbergMatch1.2_beta1

CPENameOperatorVersion
speedberg:speedbergspeedbergeq1.2_beta1

CPE	Name	Operator	Version
speedberg:speedberg	speedberg	eq	1.2_beta1

References

securityreason.com/securityalert/1762

www.attrition.org/pipermail/vim/2006-October/001091.html

www.securityfocus.com/archive/1/449468/100/0/threaded

www.securityfocus.com/bid/20670

exchange.xforce.ibmcloud.com/vulnerabilities/29699

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

Related for CVE-2006-5485

nvd1 cvelist1