5.1

CVE-2006-3340

Exploit

EPSS 14.76%
Veröffentlicht 03.07.2006 18:05:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 18

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pearlinger ≫ Pearl For Mambo Version1.5

Pearlinger ≫ Pearl For Mambo Version1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.76%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/20819

Vendor Advisory

http://www.osvdb.org/27168

http://www.osvdb.org/27169

http://www.osvdb.org/27170

http://www.osvdb.org/27171

http://www.osvdb.org/27172

http://www.osvdb.org/27173

http://www.osvdb.org/27174

http://www.osvdb.org/27175

http://www.osvdb.org/27176

http://www.osvdb.org/27177

http://www.osvdb.org/27178

http://www.securityfocus.com/bid/18690

Exploit

http://www.vupen.com/english/advisories/2006/2561

https://www.exploit-db.com/exploits/1956

https://nvd.nist.gov/vuln/detail/CVE-2006-3340

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3340

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3340

EUVD