Lucene search

[email protected]CVE-2006-6732

HistoryDec 26, 2006 - 11:28 p.m.

CVE-2006-6732

2006-12-2623:28:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-6732

php

remote file inclusion

cwmvote 1.0

arbitrary code execution

url

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.

Affected configurations

NVD

Node

cwm-designcwmvoteMatch1.0

CPENameOperatorVersion
cwm-design:cwmvotecwm-design cwmvoteeq1.0

CPE	Name	Operator	Version
cwm-design:cwmvote	cwm-design cwmvote	eq	1.0

References

secunia.com/advisories/23434

www.securityfocus.com/bid/21670

www.vupen.com/english/advisories/2006/5084

exchange.xforce.ibmcloud.com/vulnerabilities/30966

www.exploit-db.com/exploits/2958

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2006-6732

nvd1 cvelist1