7.5

CVE-2006-5100

PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetwinWebnews Version1.1h
NetwinWebnews Version1.1i
NetwinWebnews Version1.1j
NetwinWebnews Version1.1k
NetwinWebnews Version1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.73% 0.884
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22076
Vendor Advisory
http://securityreason.com/securityalert/1659
http://securitytracker.com/id?1016938
http://www.securityfocus.com/archive/1/446996/100/0/threaded
http://www.securityfocus.com/bid/20239
http://www.vupen.com/english/advisories/2006/3797
https://exchange.xforce.ibmcloud.com/vulnerabilities/29167
https://www.exploit-db.com/exploits/2435