7.5
CVE-2006-4545
- EPSS 2.68%
- Veröffentlicht 06.09.2006 00:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:18
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Modulebased Cms ≫ Modulebased Cms Versionpre-alpha
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.68% | 0.839 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.attrition.org/pipermail/vim/2006-September/001012.html
http://www.osvdb.org/29872
http://www.securityfocus.com/archive/1/444897/100/0/threaded
http://www.securityfocus.com/archive/1/445006/100/100/threaded
http://www.securityfocus.com/bid/19754