2.6
CVE-2006-4673
- EPSS 1.15%
- Veröffentlicht 11.09.2006 16:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginGlobal variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Php Fusion ≫ Php Fusion Version <= 6.01.4
Php Fusion ≫ Php Fusion Version6.0.105
Php Fusion ≫ Php Fusion Version6.0.106
Php Fusion ≫ Php Fusion Version6.0.107
Php Fusion ≫ Php Fusion Version6.0.109
Php Fusion ≫ Php Fusion Version6.0.110
Php Fusion ≫ Php Fusion Version6.0.204
Php Fusion ≫ Php Fusion Version6.0.206
Php Fusion ≫ Php Fusion Version6.0.303
Php Fusion ≫ Php Fusion Version6.0.304
Php Fusion ≫ Php Fusion Version6.0.306
Php Fusion ≫ Php Fusion Version6.0.307
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.15% | 0.626 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
http://marc.info/?l=bugtraq&m=115765187519458&w=2
http://retrogod.altervista.org/phpfusion_6-01-4_xpl.html
http://secunia.com/advisories/21830
http://www.php-fusion.co.uk/news.php?readmore=353
http://www.securityfocus.com/bid/19908
http://www.vupen.com/english/advisories/2006/3523
https://exchange.xforce.ibmcloud.com/vulnerabilities/28818