phpWebSite 0.10.2 init.php privilege escalation


A vulnerability classified as critical was found in phpWebSite 0.10.2 (Content Management System). An unknown function of the file init.php is affected. There is no information about possible known countermeasures. It is suggested to replace the affected object with an alternative product.

| Field | 12/03/2015 22:21 | 15/08/2018 08:12 |
| --- | --- | --- |
| type | Content Management System | Content Management System |
| name | phpWebSite | phpWebSite |
| version | 0.10.2 | 0.10.2 |
| file | init.php | init.php |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 7.5 | 7.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 |
| cvss3_meta_tempscore | 7.3 | 7.3 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| date | 1160438400 (10/10/2006) | 1160438400 (10/10/2006) |
| url | http://www.securityfocus.com/archive/1/archive/1/448098/100/0/threaded | http://www.securityfocus.com/archive/1/archive/1/448098/100/0/threaded |
| disputed | 1 | 1 |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2006-5234 | CVE-2006-5234 |
| cve_assigned | 1160438400 | 1160438400 |
| cve_nvd_published | 1160438400 | 1160438400 |
| cve_nvd_summary | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable. | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable. |
| securityfocus | 20412 | 20412 |
| securityfocus_date | 1160352000 (09/10/2006) | 1160352000 (09/10/2006) |
| securityfocus_class | Input Validation Error | Input Validation Error |
| securityfocus_title | Retired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities | Retired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities |
| cwe | 73 (privilege escalation) | 73 (privilege escalation) |
| cvss3_vuldb_ui | N | N |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |

person_nickname: Crackers_child
