Podatność CVE-2006-5101


Publikacja: 2006-10-03   Modyfikacja: 2012-02-12

Opis:
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Comdev Events Calendar 3.1 :) <= Remote File Inclusion
rUnViRuS
03.10.2006

Typ:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.5/10
6.4/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy
Affected software
Comdev -> Comdev csv importer 

 Referencje:
http://securityreason.com/securityalert/1658
http://www.securityfocus.com/archive/1/447184/100/0/threaded
http://www.securityfocus.com/archive/1/447185/100/0/threaded
http://www.securityfocus.com/archive/1/447186/100/0/threaded
http://www.securityfocus.com/archive/1/447187/100/0/threaded
http://www.securityfocus.com/archive/1/447188/100/0/threaded
http://www.securityfocus.com/archive/1/447190/100/0/threaded
http://www.securityfocus.com/archive/1/447192/100/0/threaded
http://www.securityfocus.com/archive/1/447193/100/0/threaded
http://www.securityfocus.com/archive/1/447194/100/0/threaded
http://www.securityfocus.com/archive/1/447201/100/0/threaded
http://www.securityfocus.com/archive/1/447207/100/0/threaded
http://www.securityfocus.com/archive/1/447209/100/0/threaded
http://www.securityfocus.com/archive/1/447213/100/0/threaded
http://www.vupen.com/english/advisories/2006/3803
http://www.vupen.com/english/advisories/2006/3804
http://www.vupen.com/english/advisories/2006/3805
http://www.vupen.com/english/advisories/2006/3806
http://www.vupen.com/english/advisories/2006/3807
http://www.vupen.com/english/advisories/2006/3808
http://www.vupen.com/english/advisories/2006/3809
http://www.vupen.com/english/advisories/2006/3810
http://www.vupen.com/english/advisories/2006/3811
http://www.vupen.com/english/advisories/2006/3812
http://www.vupen.com/english/advisories/2006/3813
http://www.vupen.com/english/advisories/2006/3814
http://www.vupen.com/english/advisories/2006/3815
https://exchange.xforce.ibmcloud.com/vulnerabilities/29220

Copyright 2024, cxsecurity.com

 

Back to Top