phpWebSite 0.10.2 init.php file inclusion

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in phpWebSite 0.10.2 (Content Management System). It has been declared as critical. This vulnerability affects an unknown function of the file init.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field03/12/2015 10:21 PM08/15/2018 08:12 AM
typeContent Management SystemContent Management System
namephpWebSitephpWebSite
version0.10.20.10.2
fileinit.phpinit.php
risk22
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore7.57.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_meta_basescore7.37.3
cvss3_meta_tempscore7.37.3
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.37.3
date1160438400 (10/10/2006)1160438400 (10/10/2006)
urlhttp://www.securityfocus.com/archive/1/archive/1/448098/100/0/threadedhttp://www.securityfocus.com/archive/1/archive/1/448098/100/0/threaded
disputed11
price_0day$0-$5k$0-$5k
cveCVE-2006-5234CVE-2006-5234
cve_assigned11604384001160438400
cve_nvd_published11604384001160438400
cve_nvd_summary** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.
securityfocus2041220412
securityfocus_date1160352000 (10/09/2006)1160352000 (10/09/2006)
securityfocus_classInput Validation ErrorInput Validation Error
securityfocus_titleRetired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include VulnerabilitiesRetired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities
cwe73 (privilege escalation)73 (privilege escalation)
cvss3_vuldb_uiNN
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
person_nicknameCrackers_child

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!