7.5

CVE-2006-1767

Exploit
Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
Data provided by the National Vulnerability Database (NVD)
Nicecoder Indexu Version 5.0
Nicecoder Indexu Version 5.0.1
No advisory was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 8.12% | 0.941
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P
No CWE information has been published yet.
http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
http://securitytracker.com/id?1015891
Exploit
http://securitytracker.com/id?1016331
http://www.osvdb.org/24596
http://www.osvdb.org/24597
http://www.osvdb.org/28406
http://www.osvdb.org/28409
http://www.osvdb.org/28410
http://www.osvdb.org/28412
http://www.osvdb.org/28413
http://www.osvdb.org/28415
http://www.osvdb.org/28416
http://www.osvdb.org/28417
http://www.osvdb.org/28419
http://www.osvdb.org/28422
http://www.osvdb.org/28425
http://www.osvdb.org/28426
http://www.osvdb.org/28427
http://www.securityfocus.com/archive/1/430599/100/0/threaded
http://www.securityfocus.com/bid/17470
Exploit