Lucene search

PRIOn knowledge basePRION:CVE-2006-1784

HistoryApr 13, 2006 - 10:02 p.m.

Remote file inclusion

2006-04-1322:02:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.6%

JSON

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.

CPENameOperatorVersion
sphidereq1.3
sphidereq1.3.0-rc1
sphidereq1.3.0-rc2

Name	Operator	Version
sphider	eq	1.3
sphider	eq	1.3.0-rc1
sphider	eq	1.3.0-rc2

References

secunia.com/advisories/19642

www.securityfocus.com/bid/17514

www.vupen.com/english/advisories/2006/1341

exchange.xforce.ibmcloud.com/vulnerabilities/25780

www.exploit-db.com/exploits/1665

7.8 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.6%

JSON

Related for PRION:CVE-2006-1784