Lucene search
MitreCVE-2006-0852HistoryFeb 23, 2006 - 2:06 a.m.
CVE-2006-0852
2006-02-2302:06:00
mitre
web.nvd.nist.gov
22
cve
code injection
vulnerability
php
admbook
remote execution
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.062
Percentile
93.6%
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
Affected configurations
Node
devscriptsadmbookRange≤1.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| devscripts | admbook | * | cpe:2.3:a:devscripts:admbook:*:*:*:*:*:*:*:* |
Related
openvas
openvas
Admbook PHP Code Injection Flaw
2008-10-24 00:00:00
Admbook PHP Code Injection Flaw
2008-10-24 00:00:00
nvd
nvd
CVE-2006-0852
2006-02-23 02:06:00
nessus
nessus
Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection
2006-03-15 00:00:00
cvelist
cvelist
CVE-2006-0852
2006-02-23 02:00:00
prion
prion
Code injection
2006-02-23 02:06:00
exploitdb
exploitdb
Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution
2006-02-19 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.062
Percentile
93.6%
Related for CVE-2006-0852