Lucene search

[email protected]CVE-2006-7120

HistoryMar 06, 2007 - 1:19 a.m.

CVE-2006-7120

2007-03-0601:19:00

[email protected]

web.nvd.nist.gov

cve-2006-7120

php

remote file inclusion

vulnerability

lib/php

maintain 3.0.0-rc2

arbitrary code execution

url

phphtmllib parameter

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php

Affected configurations

NVD

Node

osu_open_source_labmaintainMatch3.0.0_rc_2

CPENameOperatorVersion
osu_open_source_lab:maintainosu open source lab maintaineq3.0.0_rc_2

CPE	Name	Operator	Version
osu_open_source_lab:maintain	osu open source lab maintain	eq	3.0.0_rc_2

References

securityreason.com/securityalert/2359

www.securityfocus.com/archive/1/448780/100/0/threaded

www.securityfocus.com/bid/20560

exchange.xforce.ibmcloud.com/vulnerabilities/29596

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2006-7120

cvelist1 nvd1