Lucene search

[email protected]CVE-2006-7052

HistoryFeb 24, 2007 - 12:28 a.m.

CVE-2006-7052

2007-02-2400:28:00

[email protected]

web.nvd.nist.gov

cve-2006-7052

dotwidget for articles

php

remote file inclusion

vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and © showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.

Affected configurations

NVD

Node

keith_reichleydotwidget_for_articlesMatch0.2

CPENameOperatorVersion
keith_reichley:dotwidget_for_articleskeith reichley dotwidget for articleseq0.2

CPE	Name	Operator	Version
keith_reichley:dotwidget_for_articles	keith reichley dotwidget for articles	eq	0.2

References

securityreason.com/securityalert/2308

www.securityfocus.com/archive/1/437483

www.securityfocus.com/bid/18479

exchange.xforce.ibmcloud.com/vulnerabilities/27327

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2006-7052

nvd1 cvelist1