Lucene search

[email protected]CVE-2006-5678

HistoryNov 03, 2006 - 11:07 a.m.

CVE-2006-5678

2006-11-0311:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5678

php

remote file inclusion

vulnerability

j-pierre dezelus les visiteurs

phpmyconferences

nvd

security

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON

PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php

CPENameOperatorVersion
j-pierre_dezelus:les_visiteursj-pierre dezelus les visiteurseq2.0.1
phpmyconferences:phpmyconferencesphpmyconferenceseq8.0.2

CPE	Name	Operator	Version
j-pierre_dezelus:les_visiteurs	j-pierre dezelus les visiteurs	eq	2.0.1
phpmyconferences:phpmyconferences	phpmyconferences	eq	8.0.2

References

securityreason.com/securityalert/1810

www.attrition.org/pipermail/vim/2006-November/001105.html

www.securityfocus.com/archive/1/450140/100/0/threaded

www.securityfocus.com/archive/1/450467/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/29919

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON