CVE-2006-3689

2006-07-1821:00:00

mitre

www.cve.org

7.5 High

AI Score

Confidence

High

0.153 Low

EPSS

Percentile

95.9%

JSON

PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed.

References

securityreason.com/securityalert/1246

www.osvdb.org/28592

www.securityfocus.com/archive/1/440139/100/0/threaded

www.securityfocus.com/archive/1/440864/100/100/threaded

www.securityfocus.com/bid/18990

exchange.xforce.ibmcloud.com/vulnerabilities/27748