Vulnerability CVE-2006-4189


Published: 2006-08-16   Modified: 2012-02-12

Description:
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Boonex -> Dolphin

References:
http://xforce.iss.net/xforce/xfdb/28363
http://www.vupen.com/english/advisories/2006/3346
http://www.osvdb.org/28530
http://www.osvdb.org/28529
http://www.osvdb.org/28528
http://www.osvdb.org/28527
http://www.osvdb.org/28526
http://www.osvdb.org/28525
http://www.osvdb.org/28524
http://www.osvdb.org/28523
http://www.osvdb.org/28522
http://www.osvdb.org/28521
http://www.osvdb.org/28520
http://www.osvdb.org/28519
http://www.osvdb.org/28517
http://www.osvdb.org/28516
http://www.osvdb.org/28515
http://www.osvdb.org/28514
http://www.osvdb.org/28513
http://www.osvdb.org/28512
http://www.osvdb.org/28511
http://www.osvdb.org/28510
http://www.osvdb.org/28509
http://www.osvdb.org/28508
http://www.osvdb.org/28507
http://www.osvdb.org/28506
http://www.osvdb.org/28505
http://www.osvdb.org/28504
http://www.osvdb.org/28503
http://www.osvdb.org/28502
http://www.osvdb.org/28501
http://www.osvdb.org/28500
http://www.osvdb.org/28499
http://www.osvdb.org/28498
http://www.osvdb.org/28496
http://www.osvdb.org/28493
http://www.osvdb.org/28492
http://www.osvdb.org/28485
http://www.osvdb.org/28479
http://www.osvdb.org/28478
http://www.osvdb.org/28474
http://www.osvdb.org/28473
http://securitytracker.com/id?1016692
http://secunia.com/advisories/21535
http://www.securityfocus.com/bid/21182

Copyright 2024, cxsecurity.com
