Lucene search

[email protected]CVE-2006-6043

HistoryNov 22, 2006 - 12:07 a.m.

CVE-2006-6043

2006-11-2200:07:00

[email protected]

web.nvd.nist.gov

cve-2006-6043

php

file inclusion

vulnerability

oliver

webshare

nvd

remote attackers

arbitrary code

security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function.

Affected configurations

NVD

Node

oliveroliverRange≤1.2.2

CPENameOperatorVersion
oliver:oliveroliverle1.2.2

CPE	Name	Operator	Version
oliver:oliver	oliver	le	1.2.2

References

secunia.com/advisories/23031

www.securityfocus.com/bid/21202/info

www.vupen.com/english/advisories/2006/4608

exchange.xforce.ibmcloud.com/vulnerabilities/30415

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2006-6043

nvd1 cvelist1