5.1
CVE-2006-5762
- EPSS 3.92%
- Veröffentlicht 06.11.2006 23:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Free Php Scripts ≫ Free File Hosting Version <= 1.1
Free Php Scripts ≫ Free Image Hosting Version2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.92% | 0.89 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://secunia.com/advisories/22594
http://www.attrition.org/pipermail/vim/2007-March/001473.html
http://www.osvdb.org/30143
http://www.rahim.webd.pl/exploity/Exploits/111.txt
http://www.securityfocus.com/archive/1/463707/100/0/threaded
http://www.securityfocus.com/bid/20781
http://www.securityfocus.com/bid/23118
http://www.vupen.com/english/advisories/2006/4228
https://exchange.xforce.ibmcloud.com/vulnerabilities/29874
https://exchange.xforce.ibmcloud.com/vulnerabilities/33196
https://www.exploit-db.com/exploits/2670
https://www.exploit-db.com/exploits/3568