7.5

CVE-2006-5234

Exploit

EPSS 2.68%
Veröffentlicht 11.10.2006 01:07:00
Zuletzt bearbeitet 16.06.2026 22:30:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php.  NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpwebsite ≫ Phpwebsite Version0.10.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.68%	0.838

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://securityreason.com/securityalert/1716

http://www.attrition.org/pipermail/vim/2006-October/001079.html

Exploit

http://www.securityfocus.com/archive/1/448098/100/0/threaded

http://www.securityfocus.com/archive/1/448307/100/100/threaded

http://www.securityfocus.com/bid/20412

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2006-5234

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5234

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5234

EUVD