Lucene search

[email protected]CVE-2006-5509

HistoryOct 25, 2006 - 10:07 p.m.

CVE-2006-5509

2006-10-2522:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5509

eval injection

sql injection

remote code execution

woltlab burning book

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.

Affected configurations

NVD

Node

woltlabburning_bookMatch1.1.2

CPENameOperatorVersion
woltlab:burning_bookwoltlab burning bookeq1.1.2

CPE	Name	Operator	Version
woltlab:burning_book	woltlab burning book	eq	1.1.2

References

secunia.com/advisories/22442

securityreason.com/securityalert/1774

www.security.nnov.ru/Odocument711.html

www.securityfocus.com/archive/1/448796/100/100/threaded

www.securityfocus.com/bid/20563

www.vupen.com/english/advisories/2006/4062

exchange.xforce.ibmcloud.com/vulnerabilities/29599

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for CVE-2006-5509

nvd1 cvelist1