phpWebSite 0.10.2 init.php privilege escalation

A vulnerability classified as critical has been found in phpWebSite 0.10.2 (Content Management System). It affects an unknown function of the file init.php. No information about a possible countermeasure is currently available. Replacing the product with an equivalent one is suggested.

Field | 12/03/2015 22:21 | 15/08/2018 08:12
type | Content Management System | Content Management System
name | phpWebSite | phpWebSite
version | 0.10.2 | 0.10.2
file | init.php | init.php
risk | 2 | 2
cvss2_vuldb_basescore | 7.5 | 7.5
cvss2_vuldb_tempscore | 7.5 | 7.5
cvss2_vuldb_av | N | N
cvss2_vuldb_ac | L | L
cvss2_vuldb_au | N | N
cvss2_vuldb_ci | P | P
cvss2_vuldb_ii | P | P
cvss2_vuldb_ai | P | P
cvss2_nvd_av | N | N
cvss2_nvd_ac | L | L
cvss2_nvd_au | N | N
cvss2_nvd_ci | P | P
cvss2_nvd_ii | P | P
cvss2_nvd_ai | P | P
cvss3_meta_basescore | 7.3 | 7.3
cvss3_meta_tempscore | 7.3 | 7.3
cvss3_vuldb_basescore | 7.3 | 7.3
cvss3_vuldb_tempscore | 7.3 | 7.3
date | 1160438400 (10/10/2006) | 1160438400 (10/10/2006)
url | http://www.securityfocus.com/archive/1/archive/1/448098/100/0/threaded | http://www.securityfocus.com/archive/1/archive/1/448098/100/0/threaded
disputed | 1 | 1
price_0day | $0-$5k | $0-$5k
cve | CVE-2006-5234 | CVE-2006-5234
cve_assigned | 1160438400 | 1160438400
cve_nvd_published | 1160438400 | 1160438400
cve_nvd_summary | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable. | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.
securityfocus | 20412 | 20412
securityfocus_date | 1160352000 (09/10/2006) | 1160352000 (09/10/2006)
securityfocus_class | Input Validation Error | Input Validation Error
securityfocus_title | Retired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities | Retired: PHPWebSite PHPWS_SOURCE_DIR Parameter Multiple Remote File Include Vulnerabilities
cwe | 73 (privilege escalation) | 73 (privilege escalation)
cvss3_vuldb_ui | N | N
location | Website | Website
cvss2_vuldb_e | ND | ND
cvss2_vuldb_rl | ND | ND
cvss2_vuldb_rc | ND | ND
cvss3_vuldb_e | X | X
cvss3_vuldb_rl | X | X
cvss3_vuldb_rc | X | X
cvss3_vuldb_av | N | N
cvss3_vuldb_ac | L | L
cvss3_vuldb_pr | N | N
cvss3_vuldb_s | U | U
cvss3_vuldb_c | L | L
cvss3_vuldb_i | L | L
cvss3_vuldb_a | L | L
person_nickname | Crackers_child
