Lucene search

MitreCVE-2006-2361

HistoryMay 15, 2006 - 4:06 p.m.

CVE-2006-2361

2006-05-1516:06:00

mitre

web.nvd.nist.gov

php

vulnerability

download manager

remote file inclusion

pafiledb

phpbb

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.237

Percentile

96.6%

JSON

PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

Affected configurations

Nvd

Node

mxbbmxbb_portalMatch2.7

mxbbmxbb_portalMatch2.8

php_arenapafiledbMatch1.1.3

php_arenapafiledbMatch2.0.1

VendorProductVersionCPE
mxbbmxbb_portal2.7cpe:2.3:a:mxbb:mxbb_portal:2.7:*:*:*:*:*:*:*
mxbbmxbb_portal2.8cpe:2.3:a:mxbb:mxbb_portal:2.8:*:*:*:*:*:*:*
php_arenapafiledb1.1.3cpe:2.3:a:php_arena:pafiledb:1.1.3:*:*:*:*:*:*:*
php_arenapafiledb2.0.1cpe:2.3:a:php_arena:pafiledb:2.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mxbb	mxbb_portal	2.7	cpe:2.3:a:mxbb:mxbb_portal:2.7:::::::*
mxbb	mxbb_portal	2.8	cpe:2.3:a:mxbb:mxbb_portal:2.8:::::::*
php_arena	pafiledb	1.1.3	cpe:2.3:a:php_arena:pafiledb:1.1.3:::::::*
php_arena	pafiledb	2.0.1	cpe:2.3:a:php_arena:pafiledb:2.0.1:::::::*

References

secunia.com/advisories/20062

www.osvdb.org/25507

www.securityfocus.com/bid/17930

www.vupen.com/english/advisories/2006/1776

exchange.xforce.ibmcloud.com/vulnerabilities/26496

www.exploit-db.com/exploits/1774

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.237

Percentile

96.6%

JSON

Related for CVE-2006-2361