Lucene search

[email protected]CVE-2006-6634

HistoryDec 18, 2006 - 11:28 a.m.

CVE-2006-6634

2006-12-1811:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

225

cve-2006-6634

php

remote file inclusion

extcalthai

mambo

arbitrary code execution

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.

CPENameOperatorVersion
mambo:extcalthai_modulemambo extcalthai modulele0.9.1

CPE	Name	Operator	Version
mambo:extcalthai_module	mambo extcalthai module	le	0.9.1

References

archives.neohapsis.com/archives/bugtraq/2006-10/0179.html

securityreason.com/securityalert/2041

www.securityfocus.com/bid/20487

exchange.xforce.ibmcloud.com/vulnerabilities/29499

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.4%

JSON