6.4

CVE-2006-4004

Exploit

EPSS 9.85%
Veröffentlicht 07.08.2006 19:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vbportal ≫ Vbportal Version3.0.2

Vbportal ≫ Vbportal Version3.5.0_beta_2

Vbportal ≫ Vbportal Version3.5.0_beta_3

Vbportal ≫ Vbportal Version3.5.0_gold

Vbportal ≫ Vbportal Version3.6.0_beta_1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.85%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/21287

Vendor Advisory

Exploit

http://www.phpportals.com/forums/showthread.php?t=17308

http://www.securityfocus.com/bid/19257

Exploit

http://www.vupen.com/english/advisories/2006/3102

https://exchange.xforce.ibmcloud.com/vulnerabilities/28077

https://www.exploit-db.com/exploits/2087

https://nvd.nist.gov/vuln/detail/CVE-2006-4004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4004

EUVD