Lucene search

MitreCVE-2006-4673

HistorySep 11, 2006 - 4:04 p.m.

CVE-2006-4673

2006-09-1116:04:00

mitre

web.nvd.nist.gov

cve-2006-4673

php-fusion

maincore.php

extract function

superglobals

sql injection

remote attackers

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.

Affected configurations

Nvd

Node

php_fusionphp_fusionRange≤6.01.4

php_fusionphp_fusionMatch6.0.105

php_fusionphp_fusionMatch6.0.106

php_fusionphp_fusionMatch6.0.107

php_fusionphp_fusionMatch6.0.109

php_fusionphp_fusionMatch6.0.110

php_fusionphp_fusionMatch6.0.204

php_fusionphp_fusionMatch6.0.206

php_fusionphp_fusionMatch6.0.303

php_fusionphp_fusionMatch6.0.304

php_fusionphp_fusionMatch6.0.306

php_fusionphp_fusionMatch6.0.307

VendorProductVersionCPE
php_fusionphp_fusion*cpe:2.3:a:php_fusion:php_fusion:*:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.105cpe:2.3:a:php_fusion:php_fusion:6.0.105:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.106cpe:2.3:a:php_fusion:php_fusion:6.0.106:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.107cpe:2.3:a:php_fusion:php_fusion:6.0.107:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.109cpe:2.3:a:php_fusion:php_fusion:6.0.109:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.110cpe:2.3:a:php_fusion:php_fusion:6.0.110:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.204cpe:2.3:a:php_fusion:php_fusion:6.0.204:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.206cpe:2.3:a:php_fusion:php_fusion:6.0.206:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.303cpe:2.3:a:php_fusion:php_fusion:6.0.303:*:*:*:*:*:*:*
php_fusionphp_fusion6.0.304cpe:2.3:a:php_fusion:php_fusion:6.0.304:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_fusion	php_fusion	*	cpe:2.3:a:php_fusion:php_fusion::::::::
php_fusion	php_fusion	6.0.105	cpe:2.3:a:php_fusion:php_fusion:6.0.105:::::::*
php_fusion	php_fusion	6.0.106	cpe:2.3:a:php_fusion:php_fusion:6.0.106:::::::*
php_fusion	php_fusion	6.0.107	cpe:2.3:a:php_fusion:php_fusion:6.0.107:::::::*
php_fusion	php_fusion	6.0.109	cpe:2.3:a:php_fusion:php_fusion:6.0.109:::::::*
php_fusion	php_fusion	6.0.110	cpe:2.3:a:php_fusion:php_fusion:6.0.110:::::::*
php_fusion	php_fusion	6.0.204	cpe:2.3:a:php_fusion:php_fusion:6.0.204:::::::*
php_fusion	php_fusion	6.0.206	cpe:2.3:a:php_fusion:php_fusion:6.0.206:::::::*
php_fusion	php_fusion	6.0.303	cpe:2.3:a:php_fusion:php_fusion:6.0.303:::::::*
php_fusion	php_fusion	6.0.304	cpe:2.3:a:php_fusion:php_fusion:6.0.304:::::::*

Rows per page:

1-10 of 121

References

marc.info/?l=bugtraq&m=115765187519458&w=2

retrogod.altervista.org/phpfusion_6-01-4_xpl.html

secunia.com/advisories/21830

www.php-fusion.co.uk/news.php?readmore=353

www.securityfocus.com/bid/19908

www.vupen.com/english/advisories/2006/3523

exchange.xforce.ibmcloud.com/vulnerabilities/28818

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

Related for CVE-2006-4673