Lucene search
HistoryMar 02, 2006 - 11:02 p.m.
CVE-2006-0957
cve
2006
0957
code injection
vulnerability
zoneo-soft
freeforum
security
php
http headers
remote attack
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.023 Low
EPSS
Percentile
89.6%
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.
Affected configurations
Node
zoneo-softfreeforumMatch1.0
ORzoneo-softfreeforumMatch1.0.1
ORzoneo-softfreeforumMatch1.1
ORzoneo-softfreeforumMatch1.1.1
ORzoneo-softfreeforumMatch1.1.2
ORzoneo-softfreeforumMatch1.2
Related
cvelist
cvelist
CVE-2006-0957
2006-03-02 23:00:00
nvd
nvd
CVE-2006-0957
2006-03-02 23:02:00
prion
prion
Code injection
2006-03-02 23:02:00
securityvulns
securityvulns
[eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities
2006-03-10 00:00:00
packetstorm
packetstorm
EV0089.txt
2006-03-11 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.023 Low
EPSS
Percentile
89.6%
Related for CVE-2006-0957