Vulnerability CVE-2006-4311


Published: 2006-08-23   Modified: 2012-02-12

Description:
PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Sonium -> Enterprise adressbook 

 References:
http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm
http://www.securityfocus.com/archive/1/443701/100/0/threaded
http://www.securityfocus.com/bid/19597
http://www.vupen.com/english/advisories/2006/3334
https://exchange.xforce.ibmcloud.com/vulnerabilities/28464

Copyright 2024, cxsecurity.com

 
