7.5

CVE-2006-1819

Exploit

EPSS 1.52%
Veröffentlicht 18.04.2006 10:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log.  NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpwebsite ≫ Phpwebsite Version <= 0.10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.52%	0.805

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://downloads.securityfocus.com/vulnerabilities/exploits/PHPWebSite_fi_poc

http://secunia.com/advisories/19647

http://secunia.com/advisories/19914

http://securitytracker.com/id?1015942

http://www.gentoo.org/security/en/glsa/glsa-200605-04.xml

http://www.securityfocus.com/bid/17521

Exploit

http://www.vupen.com/english/advisories/2006/1361

https://exchange.xforce.ibmcloud.com/vulnerabilities/25867

https://www.exploit-db.com/exploits/1673

https://nvd.nist.gov/vuln/detail/CVE-2006-1819

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1819

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1819

EUVD