Vulnerability CVE-2006-0887


Published: 2006-02-25   Modified: 2012-02-12

Description:
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.

Type:
CWE-94 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Phplib team -> Phplib

 References:
http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091
http://secunia.com/advisories/16902
http://xforce.iss.net/xforce/xfdb/24873
http://www.vupen.com/english/advisories/2006/0720
http://www.securityfocus.com/bid/16801
http://www.osvdb.org/23466
http://www.gulftech.org/?node=research&article_id=00107-03052006
http://securitytracker.com/id?1016123

Copyright 2024, cxsecurity.com

 
