Vulnerability CVE-2006-4635


Published: 2006-09-08   Modified: 2012-02-12

Description:
Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Squiz -> Mysource classic 

 References:
http://www.vupen.com/english/advisories/2006/3477
http://www.securityfocus.com/bid/19868
http://secunia.com/advisories/21757
http://classic.squiz.net/download/changelogs/change_log_2.14.8
http://xforce.iss.net/xforce/xfdb/28768

Copyright 2024, cxsecurity.com

 

Back to Top