Lucene search

[email protected]CVE-2006-4236

HistoryAug 21, 2006 - 6:04 p.m.

CVE-2006-4236

2006-08-2118:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4236

php

remote file inclusion

powergap

url

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.582 Medium

EPSS

Percentile

97.8%

JSON

Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, © s03.php, and (d) s04.php; and possibly a URL located after “shopid=” or “sid=” in the PATH_INFO.

Affected configurations

NVD

Node

powergappowergap_business

powergappowergap_lite

CPENameOperatorVersion
powergap:powergap_businesspowergap powergap businesseq*
powergap:powergap_litepowergap powergap liteeq*

CPE	Name	Operator	Version
powergap:powergap_business	powergap powergap business	eq	*
powergap:powergap_lite	powergap powergap lite	eq	*

References

securityreason.com/securityalert/1417

securitytracker.com/id?1016715

www.osvdb.org/29496

www.osvdb.org/29497

www.osvdb.org/29498

www.osvdb.org/29499

www.osvdb.org/29500

www.securityfocus.com/archive/1/443469/100/0/threaded

www.securityfocus.com/bid/19565

exchange.xforce.ibmcloud.com/vulnerabilities/28425

www.exploit-db.com/exploits/2201

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.582 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2006-4236

cvelist1 nvd1