Vulnerability CVE-2006-5101

Vulnerability CVE-2006-5101

Published: 2006-10-03 Modified: 2012-02-12

Description:

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Comdev Events Calendar 3.1 :) <= Remote File Inclusion	rUnViRuS	03.10.2006

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Comdev -> Comdev csv importer

References:

http://securityreason.com/securityalert/1658

http://www.securityfocus.com/archive/1/447184/100/0/threaded

http://www.securityfocus.com/archive/1/447185/100/0/threaded

http://www.securityfocus.com/archive/1/447186/100/0/threaded

http://www.securityfocus.com/archive/1/447187/100/0/threaded

http://www.securityfocus.com/archive/1/447188/100/0/threaded

http://www.securityfocus.com/archive/1/447190/100/0/threaded

http://www.securityfocus.com/archive/1/447192/100/0/threaded

http://www.securityfocus.com/archive/1/447193/100/0/threaded

http://www.securityfocus.com/archive/1/447194/100/0/threaded

http://www.securityfocus.com/archive/1/447201/100/0/threaded

http://www.securityfocus.com/archive/1/447207/100/0/threaded

http://www.securityfocus.com/archive/1/447209/100/0/threaded

http://www.securityfocus.com/archive/1/447213/100/0/threaded

http://www.vupen.com/english/advisories/2006/3803

http://www.vupen.com/english/advisories/2006/3804

http://www.vupen.com/english/advisories/2006/3805

http://www.vupen.com/english/advisories/2006/3806

http://www.vupen.com/english/advisories/2006/3807

http://www.vupen.com/english/advisories/2006/3808

http://www.vupen.com/english/advisories/2006/3809

http://www.vupen.com/english/advisories/2006/3810

http://www.vupen.com/english/advisories/2006/3811

http://www.vupen.com/english/advisories/2006/3812

http://www.vupen.com/english/advisories/2006/3813

http://www.vupen.com/english/advisories/2006/3814

http://www.vupen.com/english/advisories/2006/3815

https://exchange.xforce.ibmcloud.com/vulnerabilities/29220

Vulnerability CVE-2006-5101

See advisories in our WLB2 database:

High

Comdev Events Calendar 3.1 :) <= Remote File Inclusion

CWE-94

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: