7.5
CVE-2006-1819
- EPSS 3.88%
- Veröffentlicht 18.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpwebsite ≫ Phpwebsite Version <= 0.10.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.88% | 0.888 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc
http://secunia.com/advisories/19647
http://secunia.com/advisories/19914
http://securitytracker.com/id?1015942
http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml
http://www.securityfocus.com/bid/17521
http://www.vupen.com/english/advisories/2006/1361
https://exchange.xforce.ibmcloud.com/vulnerabilities/25867
https://www.exploit-db.com/exploits/1673