Vulnerability CVE-2006-6852
Published: 2006-12-31   Modified: 2012-02-12

Description:
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Tdiary -> Tdiary 

 References:
http://www.vupen.com/english/advisories/2006/5201
http://www.tdiary.org/20061210.html
http://www.securityfocus.com/bid/21811
http://secunia.com/advisories/23465
http://jvn.jp/jp/JVN%2331185550/index.html
Copyright 2024, cxsecurity.com

 

Back to Top