Vulnerability CVE-2006-1032
Published: 2006-03-07   Modified: 2012-02-12

Description:
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.

See advisories in our WLB2 database:
Topic
Author
Date
High
phpRPC Library Remote Code Execution
GulfTech Securit...
01.03.2006
Med.
phpRPC < 0.7 Remote Code Execution
GulfTech
20.01.2018

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Phprpc -> Phprpc 

 References:
http://www.vupen.com/english/advisories/2006/0745
http://www.securityfocus.com/bid/16833
http://www.securityfocus.com/archive/1/426193
http://www.gulftech.org/?node=research&article_id=00105-02262006
http://securitytracker.com/id?1015691
http://securityreason.com/securityalert/502
http://secunia.com/advisories/19058
http://secunia.com/advisories/19028
Copyright 2024, cxsecurity.com

 

Back to Top