7.5
CVE-2006-3175
- EPSS 8.84%
- Veröffentlicht 23.06.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:26:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire.php vector also affects 1.2. NOTE: this issue might be limited to a race condition during installation or an improper installation, since a completed installation creates an include file that prevents external control of the $lang variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcguestbook ≫ Mcguestbook Version1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.84% | 0.945 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://securityreason.com/securityalert/1125
http://www.osvdb.org/27460
http://www.osvdb.org/27461
http://www.osvdb.org/27462
http://www.securityfocus.com/archive/1/437028/100/200/threaded
http://www.securityfocus.com/archive/1/437448/100/0/threaded
http://www.securityfocus.com/bid/18476
https://exchange.xforce.ibmcloud.com/vulnerabilities/27114