Lucene search

[email protected]CVE-2006-3754

HistoryJul 21, 2006 - 2:03 p.m.

CVE-2006-3754

2006-07-2114:03:00

[email protected]

web.nvd.nist.gov

cve

2006

3754

php

remote file inclusion

flushcms

vulnerability

url

class_path

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter.

Affected configurations

NVD

Node

flushcmsflushcmsRange≤1.0_pre2

CPENameOperatorVersion
flushcms:flushcmsflushcmsle1.0_pre2

CPE	Name	Operator	Version
flushcms:flushcms	flushcms	le	1.0_pre2

References

secunia.com/advisories/21090

www.securityfocus.com/bid/19023

www.vupen.com/english/advisories/2006/2822

exchange.xforce.ibmcloud.com/vulnerabilities/27751

www.exploit-db.com/exploits/2018

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2006-3754

cvelist1 nvd1