Lucene search

Ubuntu.comUB:CVE-2006-1895

HistoryApr 20, 2006 - 12:00 a.m.

CVE-2006-1895

2006-04-2000:00:00

ubuntu.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.7%

JSON

Direct static code injection vulnerability in includes/template.php in
phpBB allows remote authenticated users with write access to execute
arbitrary PHP code by modifying a template in a way that (1) bypasses a
loose “.*” regular expression to match BEGIN and END statements in
overall_header.tpl, or (2) is used in an eval statement by
includes/bbcode.php for bbcode.tpl.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365535>

Notes

Author	Note
mdeslaur	not a security issue

References

launchpad.net/bugs/cve/CVE-2006-1895

nvd.nist.gov/vuln/detail/CVE-2006-1895

security-tracker.debian.org/tracker/CVE-2006-1895

www.cve.org/CVERecord?id=CVE-2006-1895

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for UB:CVE-2006-1895