7.5

CVE-2006-1477

Exploit

EPSS 6.14%
Veröffentlicht 29.03.2006 01:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Turnkey Web Tools ≫ Php Live Helper Version1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.14%	0.903

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/19428

Vendor Advisory

Exploit

http://www.osvdb.org/24193

http://www.osvdb.org/24194

http://www.osvdb.org/24195

http://www.osvdb.org/24196

http://www.osvdb.org/24197

http://www.osvdb.org/24198

http://www.osvdb.org/24199

http://www.securityfocus.com/archive/1/428976/100/0/threaded

http://www.securityfocus.com/archive/1/437648/100/0/threaded

http://www.securityfocus.com/archive/1/437741/100/0/threaded

http://www.securityfocus.com/bid/18509

http://www.turnkeywebtools.com/forum/showthread.php?p=10415

Patch

http://www.vupen.com/english/advisories/2006/1137

http://www.worlddefacers.de/Public/WD-TMPLH.txt

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/25489

https://nvd.nist.gov/vuln/detail/CVE-2006-1477

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1477

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1477

EUVD